
Pests of all kinds and how to combat them: Win XP starts with an almost empty desktop

08.11.2012, 14:45   #31
Archivar
 
Win XP starts with an almost empty desktop



The first log (the run during which deletion was performed):

Code:
14:24:10.0156 3952  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:24:10.0250 3952  ============================================================
14:24:10.0250 3952  Current date / time: 2012/11/08 14:24:10.0250
14:24:10.0250 3952  SystemInfo:
14:24:10.0250 3952  
14:24:10.0250 3952  OS Version: 5.1.2600 ServicePack: 2.0
14:24:10.0250 3952  Product type: Workstation
14:24:10.0250 3952  ComputerName: PC132431016427
14:24:10.0250 3952  UserName: ***
14:24:10.0250 3952  Windows directory: C:\WINDOWS
14:24:10.0250 3952  System windows directory: C:\WINDOWS
14:24:10.0250 3952  Processor architecture: Intel x86
14:24:10.0250 3952  Number of processors: 1
14:24:10.0250 3952  Page size: 0x1000
14:24:10.0250 3952  Boot type: Normal boot
14:24:10.0250 3952  ============================================================
14:24:19.0359 3952  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:24:19.0390 3952  ============================================================
14:24:19.0390 3952  \Device\Harddisk0\DR0:
14:24:19.0390 3952  MBR partitions:
14:24:19.0390 3952  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
14:24:19.0390 3952  ============================================================
14:24:19.0437 3952  C: <-> \Device\Harddisk0\DR0\Partition1
14:24:19.0453 3952  ============================================================
14:24:19.0453 3952  Initialize success
14:24:19.0453 3952  ============================================================
14:24:34.0171 2096  ============================================================
14:24:34.0171 2096  Scan started
14:24:34.0171 2096  Mode: Manual; SigCheck; TDLFS; 
14:24:34.0171 2096  ============================================================
14:24:36.0906 2096  ================ Scan system memory ========================
14:24:48.0109 2096  System memory - ok
14:24:48.0125 2096  ================ Scan services =============================
14:24:48.0234 2096  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:24:48.0453 2096  AAV UpdateService - ok
14:24:48.0625 2096  Abiosdsk - ok
14:24:48.0640 2096  abp480n5 - ok
14:24:48.0703 2096  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:24:48.0984 2096  ACPI - ok
14:24:49.0015 2096  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:24:49.0250 2096  ACPIEC - ok
14:24:49.0328 2096  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:24:49.0453 2096  AdobeFlashPlayerUpdateSvc - ok
14:24:49.0468 2096  adpu160m - ok
14:24:49.0546 2096  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:24:50.0031 2096  aec - ok
14:24:50.0078 2096  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:24:50.0609 2096  AFD - ok
14:24:50.0625 2096  Aha154x - ok
14:24:50.0656 2096  aic78u2 - ok
14:24:50.0671 2096  aic78xx - ok
14:24:50.0703 2096  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:24:50.0921 2096  Alerter - ok
14:24:50.0968 2096  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe
14:24:51.0187 2096  ALG - ok
14:24:51.0234 2096  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
14:24:51.0468 2096  AliIde - ok
14:24:51.0531 2096  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:24:51.0671 2096  AmdK8 - ok
14:24:51.0687 2096  amsint - ok
14:24:51.0796 2096  [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:24:51.0906 2096  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
14:24:51.0906 2096  Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
14:24:51.0921 2096  AppMgmt - ok
14:24:51.0984 2096  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:24:52.0171 2096  Arp1394 - ok
14:24:52.0187 2096  asc - ok
14:24:52.0218 2096  asc3350p - ok
14:24:52.0234 2096  asc3550 - ok
14:24:52.0328 2096  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
14:24:52.0531 2096  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
14:24:52.0531 2096  aspnet_state - detected UnsignedFile.Multi.Generic (1)
14:24:52.0562 2096  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:24:52.0734 2096  AsyncMac - ok
14:24:52.0781 2096  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:24:53.0000 2096  atapi - ok
14:24:53.0000 2096  Atdisk - ok
14:24:53.0078 2096  [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:24:53.0265 2096  Ati HotKey Poller - ok
14:24:53.0359 2096  [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:24:53.0812 2096  ati2mtag - ok
14:24:53.0890 2096  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:24:54.0281 2096  Atmarpc - ok
14:24:54.0328 2096  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:24:54.0531 2096  AudioSrv - ok
14:24:54.0578 2096  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:24:54.0843 2096  audstub - ok
14:24:54.0937 2096  [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:24:55.0171 2096  BCM43XX - ok
14:24:55.0187 2096  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:24:55.0546 2096  Beep - ok
14:24:55.0625 2096  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
14:24:58.0828 2096  BITS - ok
14:24:58.0953 2096  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll
14:24:59.0125 2096  Browser - ok
14:24:59.0171 2096  [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
14:24:59.0281 2096  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:24:59.0281 2096  BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:24:59.0328 2096  [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD         C:\WINDOWS\system32\drivers\camc6aud.sys
14:24:59.0453 2096  CAMCAUD - ok
14:24:59.0500 2096  [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
14:24:59.0687 2096  CAMCHALA - ok
14:24:59.0703 2096  catchme - ok
14:24:59.0765 2096  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:25:00.0000 2096  cbidf2k - ok
14:25:00.0046 2096  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:25:00.0234 2096  CCDECODE - ok
14:25:00.0250 2096  cd20xrnt - ok
14:25:00.0296 2096  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:25:00.0796 2096  Cdaudio - ok
14:25:00.0859 2096  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:25:01.0046 2096  Cdfs - ok
14:25:01.0078 2096  [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:25:01.0125 2096  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
14:25:01.0125 2096  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
14:25:01.0171 2096  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:25:01.0343 2096  Cdrom - ok
14:25:01.0359 2096  Changer - ok
14:25:01.0406 2096  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:25:01.0656 2096  CiSvc - ok
14:25:01.0687 2096  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:25:01.0890 2096  ClipSrv - ok
14:25:01.0937 2096  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:25:02.0125 2096  CmBatt - ok
14:25:02.0156 2096  CmdIde - ok
14:25:02.0203 2096  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:25:02.0437 2096  Compbatt - ok
14:25:02.0453 2096  COMSysApp - ok
14:25:02.0484 2096  Cpqarray - ok
14:25:02.0531 2096  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:25:02.0718 2096  CryptSvc - ok
14:25:02.0734 2096  dac2w2k - ok
14:25:02.0750 2096  dac960nt - ok
14:25:02.0828 2096  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:25:03.0062 2096  DcomLaunch - ok
14:25:03.0109 2096  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:25:03.0718 2096  Dhcp - ok
14:25:03.0796 2096  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:25:03.0984 2096  Disk - ok
14:25:04.0000 2096  dmadmin - ok
14:25:04.0093 2096  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:25:04.0359 2096  dmboot - ok
14:25:04.0406 2096  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:25:04.0593 2096  dmio - ok
14:25:04.0640 2096  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:25:04.0859 2096  dmload - ok
14:25:04.0906 2096  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:25:05.0156 2096  dmserver - ok
14:25:05.0187 2096  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:25:05.0390 2096  DMusic - ok
14:25:05.0421 2096  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:25:05.0984 2096  Dnscache - ok
14:25:06.0000 2096  dpti2o - ok
14:25:06.0046 2096  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:25:06.0218 2096  drmkaud - ok
14:25:06.0265 2096  [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
14:25:06.0437 2096  eabfiltr - ok
14:25:06.0468 2096  [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
14:25:06.0562 2096  eabusb - ok
14:25:06.0609 2096  [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
14:25:06.0687 2096  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
14:25:06.0687 2096  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
14:25:06.0734 2096  [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:25:06.0843 2096  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
14:25:06.0843 2096  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
14:25:06.0890 2096  [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD         C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
14:25:06.0937 2096  ElbyVCD ( UnsignedFile.Multi.Generic ) - warning
14:25:06.0937 2096  ElbyVCD - detected UnsignedFile.Multi.Generic (1)
14:25:07.0000 2096  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:25:07.0203 2096  ERSvc - ok
14:25:07.0265 2096  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
14:25:07.0468 2096  Eventlog - ok
14:25:07.0531 2096  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem     C:\WINDOWS\system32\es.dll
14:25:07.0625 2096  EventSystem - ok
14:25:07.0734 2096  [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
14:25:07.0796 2096  F-Secure Filter - ok
14:25:07.0859 2096  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
14:25:07.0921 2096  F-Secure Gatekeeper - ok
14:25:07.0968 2096  [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
14:25:08.0062 2096  F-Secure Gatekeeper Handler Starter - ok
14:25:08.0140 2096  [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS   C:\Programme\F-Secure\HIPS\drivers\fshs.sys
14:25:08.0187 2096  F-Secure HIPS - ok
14:25:08.0281 2096  [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE
14:25:08.0359 2096  F-Secure Network Request Broker - ok
14:25:08.0390 2096  [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
14:25:08.0437 2096  F-Secure Recognizer - ok
14:25:08.0468 2096  [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
14:25:08.0562 2096  FANTOM ( UnsignedFile.Multi.Generic ) - warning
14:25:08.0562 2096  FANTOM - detected UnsignedFile.Multi.Generic (1)
14:25:08.0593 2096  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:25:08.0828 2096  Fastfat - ok
14:25:08.0921 2096  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:25:09.0500 2096  FastUserSwitchingCompatibility - ok
14:25:09.0531 2096  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:25:09.0718 2096  Fdc - ok
14:25:09.0765 2096  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:25:09.0968 2096  Fips - ok
14:25:10.0015 2096  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:25:10.0187 2096  Flpydisk - ok
14:25:10.0265 2096  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:25:10.0796 2096  FltMgr - ok
14:25:10.0859 2096  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts           C:\WINDOWS\system32\Drivers\fsbts.sys
14:25:10.0906 2096  fsbts - ok
14:25:11.0000 2096  [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon        C:\Programme\F-Secure\Device Control\\fsdevcon32.exe
14:25:11.0218 2096  fsdevcon - ok
14:25:11.0343 2096  [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD          C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
14:25:11.0625 2096  FSDFWD - ok
14:25:11.0687 2096  [ D7261B0876E4238D680E96B69292B9E0 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
14:25:11.0765 2096  FSFW - ok
14:25:11.0859 2096  [ E0229353879FD33E15462B862A064FD6 ] FSMA            C:\Programme\F-Secure\Common\FSMA32.EXE
14:25:11.0984 2096  FSMA - ok
14:25:12.0078 2096  [ DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient    C:\Programme\F-Secure\ORSP Client\fsorsp.exe
14:25:12.0171 2096  FSORSPClient - ok
14:25:12.0234 2096  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:25:12.0531 2096  Fs_Rec - ok
14:25:12.0578 2096  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:25:12.0796 2096  Ftdisk - ok
14:25:12.0875 2096  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
14:25:13.0015 2096  FWLANUSB - ok
14:25:13.0062 2096  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:25:13.0125 2096  GEARAspiWDM - ok
14:25:13.0187 2096  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:25:13.0328 2096  Gpc - ok
14:25:13.0421 2096  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:25:13.0609 2096  helpsvc - ok
14:25:13.0656 2096  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:25:13.0843 2096  HidServ - ok
14:25:13.0890 2096  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:25:14.0109 2096  HidUsb - ok
14:25:14.0125 2096  hpn - ok
14:25:14.0203 2096  [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
14:25:14.0312 2096  hpqwmi ( UnsignedFile.Multi.Generic ) - warning
14:25:14.0312 2096  hpqwmi - detected UnsignedFile.Multi.Generic (1)
14:25:14.0375 2096  [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
14:25:14.0484 2096  HSFHWATI - ok
14:25:14.0578 2096  [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:25:15.0046 2096  HSF_DP - ok
14:25:15.0125 2096  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:25:15.0359 2096  HTTP - ok
14:25:15.0406 2096  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:25:15.0734 2096  HTTPFilter - ok
14:25:15.0750 2096  i2omgmt - ok
14:25:15.0765 2096  i2omp - ok
14:25:15.0828 2096  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:25:16.0015 2096  i8042prt - ok
14:25:16.0140 2096  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:25:16.0343 2096  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:25:16.0343 2096  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:25:16.0390 2096  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:25:16.0578 2096  Imapi - ok
14:25:16.0640 2096  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:25:16.0859 2096  ImapiService - ok
14:25:16.0875 2096  ini910u - ok
14:25:16.0921 2096  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:25:17.0093 2096  IntelIde - ok
14:25:17.0156 2096  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:25:17.0328 2096  Ip6Fw - ok
14:25:17.0375 2096  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:25:17.0578 2096  IpFilterDriver - ok
14:25:17.0609 2096  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:25:17.0796 2096  IpInIp - ok
14:25:17.0859 2096  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:25:18.0484 2096  IpNat - ok
14:25:18.0562 2096  [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
14:25:18.0765 2096  iPod Service - ok
14:25:18.0812 2096  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:25:19.0093 2096  IPSec - ok
14:25:19.0140 2096  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:25:19.0312 2096  IRENUM - ok
14:25:19.0359 2096  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:25:19.0593 2096  isapnp - ok
14:25:19.0609 2096  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:25:19.0796 2096  Kbdclass - ok
14:25:19.0859 2096  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:25:20.0406 2096  kmixer - ok
14:25:20.0468 2096  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:25:20.0609 2096  KSecDD - ok
14:25:20.0671 2096  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:25:21.0281 2096  lanmanserver - ok
14:25:21.0328 2096  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:25:21.0437 2096  lanmanworkstation - ok
14:25:21.0453 2096  lbrtfdc - ok
14:25:21.0531 2096  [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
14:25:21.0593 2096  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:25:21.0593 2096  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:25:21.0640 2096  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:25:21.0828 2096  LmHosts - ok
14:25:21.0875 2096  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:25:21.0937 2096  mdmxsdk - ok
14:25:21.0968 2096  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:25:22.0171 2096  Messenger - ok
14:25:22.0234 2096  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:25:22.0437 2096  mnmdd - ok
14:25:22.0468 2096  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:25:22.0734 2096  mnmsrvc - ok
14:25:22.0812 2096  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:25:23.0015 2096  Modem - ok
14:25:23.0062 2096  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:25:23.0265 2096  Mouclass - ok
14:25:23.0312 2096  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:25:23.0546 2096  mouhid - ok
14:25:23.0593 2096  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:25:23.0796 2096  MountMgr - ok
14:25:23.0875 2096  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:25:23.0937 2096  MozillaMaintenance - ok
14:25:23.0968 2096  mraid35x - ok
14:25:24.0015 2096  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:25:24.0625 2096  MRxDAV - ok
14:25:24.0687 2096  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:25:25.0156 2096  MRxSmb - ok
14:25:25.0156 2096  MSCSPTISRV - ok
14:25:25.0203 2096  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:25:25.0421 2096  MSDTC - ok
14:25:25.0453 2096  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:25:25.0656 2096  Msfs - ok
14:25:25.0671 2096  MSIServer - ok
14:25:25.0718 2096  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:25:25.0890 2096  MSKSSRV - ok
14:25:25.0921 2096  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:25:26.0125 2096  MSPCLOCK - ok
14:25:26.0156 2096  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:25:26.0343 2096  MSPQM - ok
14:25:26.0375 2096  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:25:26.0562 2096  mssmbios - ok
14:25:26.0609 2096  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
14:25:26.0781 2096  MSTEE - ok
14:25:26.0890 2096  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:25:27.0328 2096  Mup - ok
14:25:27.0390 2096  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:25:27.0984 2096  NABTSFEC - ok
14:25:28.0031 2096  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:25:28.0421 2096  NDIS - ok
14:25:28.0484 2096  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:25:28.0796 2096  NdisIP - ok
14:25:28.0859 2096  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:25:29.0109 2096  NdisTapi - ok
14:25:29.0140 2096  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:25:29.0359 2096  Ndisuio - ok
14:25:29.0406 2096  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:25:29.0593 2096  NdisWan - ok
14:25:29.0625 2096  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:25:29.0828 2096  NDProxy - ok
14:25:29.0875 2096  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:25:30.0062 2096  NetBIOS - ok
14:25:30.0109 2096  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:25:30.0359 2096  NetBT - ok
14:25:30.0421 2096  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:25:30.0656 2096  NetDDE - ok
14:25:30.0671 2096  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:25:30.0859 2096  NetDDEdsdm - ok
14:25:30.0890 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:25:31.0093 2096  Netlogon - ok
14:25:31.0140 2096  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
14:25:31.0750 2096  Netman - ok
14:25:31.0812 2096  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:25:32.0000 2096  NIC1394 - ok
14:25:32.0046 2096  [ 774274C487493452DF3B0126DBE7FF3B ] Nla             C:\WINDOWS\System32\mswsock.dll
14:25:32.0218 2096  Nla - ok
14:25:32.0265 2096  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:25:32.0453 2096  Npfs - ok
14:25:32.0515 2096  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:25:33.0234 2096  Ntfs - ok
14:25:33.0281 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:25:33.0437 2096  NtLmSsp - ok
14:25:33.0500 2096  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:25:33.0890 2096  NtmsSvc - ok
14:25:33.0937 2096  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:25:34.0203 2096  Null - ok
14:25:34.0250 2096  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:25:34.0515 2096  NwlnkFlt - ok
14:25:34.0546 2096  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:25:34.0781 2096  NwlnkFwd - ok
14:25:34.0875 2096  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:25:35.0484 2096  ohci1394 - ok
14:25:35.0500 2096  PACSPTISVR - ok
14:25:35.0562 2096  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:25:35.0750 2096  Parport - ok
14:25:35.0781 2096  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:25:35.0968 2096  PartMgr - ok
14:25:36.0015 2096  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:25:36.0218 2096  ParVdm - ok
14:25:36.0265 2096  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:25:36.0453 2096  PCI - ok
14:25:36.0468 2096  PCIDump - ok
14:25:36.0500 2096  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:25:36.0687 2096  PCIIde - ok
14:25:36.0718 2096  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:25:36.0937 2096  Pcmcia - ok
14:25:36.0953 2096  PDCOMP - ok
14:25:36.0968 2096  PDFRAME - ok
14:25:36.0984 2096  PDRELI - ok
14:25:37.0000 2096  PDRFRAME - ok
14:25:37.0015 2096  perc2 - ok
14:25:37.0031 2096  perc2hib - ok
14:25:37.0109 2096  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:25:37.0218 2096  PlugPlay - ok
14:25:37.0250 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:25:37.0421 2096  PolicyAgent - ok
14:25:37.0468 2096  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:25:37.0656 2096  PptpMiniport - ok
14:25:37.0703 2096  [ F04317FB351B75233979DC65D4CEAD54 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:25:38.0281 2096  Processor - ok
14:25:38.0328 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:25:38.0500 2096  ProtectedStorage - ok
14:25:38.0562 2096  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:25:38.0734 2096  PSched - ok
14:25:38.0812 2096  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:25:39.0031 2096  Ptilink - ok
14:25:39.0093 2096  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:25:39.0140 2096  PxHelp20 - ok
14:25:39.0156 2096  ql1080 - ok
14:25:39.0171 2096  Ql10wnt - ok
14:25:39.0187 2096  ql12160 - ok
14:25:39.0218 2096  ql1240 - ok
14:25:39.0234 2096  ql1280 - ok
14:25:39.0281 2096  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:25:39.0500 2096  RasAcd - ok
14:25:39.0515 2096  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:25:39.0750 2096  RasAuto - ok
14:25:39.0796 2096  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:25:39.0968 2096  Rasirda - ok
14:25:40.0000 2096  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:25:40.0171 2096  Rasl2tp - ok
14:25:40.0218 2096  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:25:40.0828 2096  RasMan - ok
14:25:40.0875 2096  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:25:41.0078 2096  RasPppoe - ok
14:25:41.0140 2096  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:25:41.0343 2096  Raspti - ok
14:25:41.0390 2096  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:25:42.0031 2096  Rdbss - ok
14:25:42.0046 2096  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:25:42.0250 2096  RDPCDD - ok
14:25:42.0312 2096  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:25:42.0921 2096  RDPWD - ok
14:25:42.0968 2096  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:25:43.0328 2096  RDSessMgr - ok
14:25:43.0390 2096  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:25:43.0578 2096  redbook - ok
14:25:43.0609 2096  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:25:43.0828 2096  RemoteAccess - ok
14:25:43.0906 2096  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:25:44.0062 2096  RpcLocator - ok
14:25:44.0109 2096  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
14:25:44.0406 2096  RpcSs - ok
14:25:44.0484 2096  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:25:44.0750 2096  RSVP - ok
14:25:44.0828 2096  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:25:44.0953 2096  RTL8023xp - ok
14:25:44.0984 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:25:45.0156 2096  SamSs - ok
14:25:45.0203 2096  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:25:45.0453 2096  SCardSvr - ok
14:25:45.0500 2096  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:25:45.0718 2096  Schedule - ok
14:25:45.0765 2096  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:25:45.0953 2096  sdbus - ok
14:25:46.0000 2096  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:25:46.0625 2096  Secdrv - ok
14:25:46.0671 2096  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:25:46.0859 2096  seclogon - ok
14:25:46.0953 2096  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
14:25:47.0609 2096  SENS - ok
14:25:47.0671 2096  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:25:47.0968 2096  serenum - ok
14:25:48.0015 2096  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:25:48.0218 2096  Serial - ok
14:25:48.0265 2096  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:25:48.0437 2096  Sfloppy - ok
14:25:48.0500 2096  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:25:48.0796 2096  SharedAccess - ok
14:25:48.0921 2096  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:25:49.0593 2096  ShellHWDetection - ok
14:25:49.0609 2096  Simbad - ok
14:25:49.0656 2096  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:25:49.0828 2096  SLIP - ok
14:25:49.0890 2096  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
14:25:50.0078 2096  SMCIRDA - ok
14:25:50.0156 2096  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:25:50.0375 2096  SONYPVU1 - ok
14:25:50.0390 2096  Sparrow - ok
14:25:50.0437 2096  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:25:51.0031 2096  splitter - ok
14:25:51.0078 2096  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:25:52.0093 2096  Spooler - ok
14:25:52.0109 2096  SPTISRV - ok
14:25:52.0187 2096  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:25:52.0562 2096  sr - ok
14:25:52.0625 2096  [ E150E7618328562598F4CE0B5851B5CD ] srservice       C:\WINDOWS\system32\srsvc.dll
14:25:53.0343 2096  srservice - ok
14:25:53.0406 2096  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:25:53.0656 2096  Srv - ok
14:25:53.0703 2096  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:25:53.0890 2096  SSDPSRV - ok
14:25:53.0953 2096  [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62        C:\WINDOWS\system32\drivers\SSHDRV62.sys
14:25:54.0062 2096  SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning
14:25:54.0062 2096  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
14:25:54.0078 2096  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:25:54.0156 2096  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
14:25:54.0156 2096  ssmdrv - detected UnsignedFile.Multi.Generic (1)
14:25:54.0218 2096  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:25:54.0984 2096  stisvc - ok
14:25:55.0015 2096  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:25:55.0187 2096  streamip - ok
14:25:55.0265 2096  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:25:55.0453 2096  swenum - ok
14:25:55.0500 2096  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:25:55.0718 2096  swmidi - ok
14:25:55.0734 2096  SwPrv - ok
14:25:55.0765 2096  symc810 - ok
14:25:55.0781 2096  symc8xx - ok
14:25:55.0796 2096  sym_hi - ok
14:25:55.0812 2096  sym_u3 - ok
14:25:55.0859 2096  [ F484C77F748729129D5CC9C965D9F701 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:25:56.0015 2096  SynTP - ok
14:25:56.0062 2096  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:25:56.0265 2096  sysaudio - ok
14:25:56.0328 2096  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:25:56.0593 2096  SysmonLog - ok
14:25:56.0656 2096  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:25:57.0390 2096  TapiSrv - ok
14:25:57.0437 2096  [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd           C:\WINDOWS\system32\drivers\tbhsd.sys
14:25:57.0484 2096  tbhsd - ok
14:25:57.0546 2096  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:25:57.0796 2096  Tcpip - ok
14:25:57.0859 2096  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:25:58.0046 2096  TDPIPE - ok
14:25:58.0078 2096  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:25:58.0265 2096  TDTCP - ok
14:25:58.0296 2096  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:25:58.0515 2096  TermDD - ok
14:25:58.0562 2096  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll
14:25:58.0968 2096  TermService - ok
14:25:59.0000 2096  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:25:59.0671 2096  Themes - ok
14:25:59.0734 2096  [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
14:25:59.0859 2096  tifm21 - ok
14:25:59.0890 2096  TosIde - ok
14:25:59.0921 2096  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:26:00.0109 2096  TrkWks - ok
14:26:00.0203 2096  [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag   C:\WINDOWS\System32\TuneUpDefragService.exe
14:26:00.0406 2096  TuneUp.Defrag - ok
14:26:00.0468 2096  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:26:00.0656 2096  Udfs - ok
14:26:00.0671 2096  ultra - ok
14:26:00.0718 2096  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
14:26:00.0843 2096  UMWdf - ok
14:26:00.0921 2096  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:26:01.0265 2096  Update - ok
14:26:01.0281 2096  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr       C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:26:01.0484 2096  uploadmgr - ok
14:26:01.0531 2096  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:26:02.0203 2096  upnphost - ok
14:26:02.0265 2096  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe
14:26:02.0437 2096  UPS - ok
14:26:02.0500 2096  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
14:26:02.0609 2096  USBAAPL - ok
14:26:02.0671 2096  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
14:26:02.0843 2096  usbaudio - ok
14:26:02.0890 2096  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:26:03.0078 2096  usbccgp - ok
14:26:03.0109 2096  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:26:03.0281 2096  usbehci - ok
14:26:03.0312 2096  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:26:03.0500 2096  usbhub - ok
14:26:03.0531 2096  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:26:03.0703 2096  usbohci - ok
14:26:03.0750 2096  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:26:03.0953 2096  usbprint - ok
14:26:03.0984 2096  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:26:04.0156 2096  usbscan - ok
14:26:04.0203 2096  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:26:04.0406 2096  USBSTOR - ok
14:26:04.0453 2096  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:26:04.0593 2096  usbuhci - ok
14:26:04.0656 2096  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
14:26:04.0828 2096  usbvideo - ok
14:26:04.0968 2096  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
14:26:05.0000 2096  UxTuneUp - ok
14:26:05.0062 2096  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:26:05.0234 2096  VgaSave - ok
14:26:05.0281 2096  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
14:26:05.0453 2096  ViaIde - ok
14:26:05.0484 2096  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:26:05.0718 2096  VolSnap - ok
14:26:05.0828 2096  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:26:06.0281 2096  VSS - ok
14:26:06.0359 2096  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:26:06.0546 2096  W32Time - ok
14:26:06.0609 2096  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:26:06.0828 2096  Wanarp - ok
14:26:06.0843 2096  WDICA - ok
14:26:06.0890 2096  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:26:07.0562 2096  wdmaud - ok
14:26:07.0609 2096  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:26:08.0187 2096  WebClient - ok
14:26:08.0250 2096  [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:26:08.0468 2096  winachsf - ok
14:26:08.0562 2096  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:26:08.0750 2096  winmgmt - ok
14:26:08.0828 2096  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:26:08.0937 2096  WmdmPmSN - ok
14:26:09.0000 2096  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:26:09.0171 2096  WmiAcpi - ok
14:26:09.0250 2096  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:26:09.0531 2096  WmiApSrv - ok
14:26:09.0625 2096  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:26:09.0828 2096  wscsvc - ok
14:26:09.0875 2096  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:26:10.0062 2096  WSTCODEC - ok
14:26:10.0093 2096  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:26:10.0296 2096  wuauserv - ok
14:26:10.0359 2096  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:26:10.0656 2096  WZCSVC - ok
14:26:10.0703 2096  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:26:10.0875 2096  xmlprov - ok
14:26:10.0921 2096  ================ Scan global ===============================
14:26:10.0968 2096  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:26:11.0031 2096  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:26:11.0062 2096  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:26:11.0093 2096  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
14:26:11.0109 2096  [Global] - ok
14:26:11.0109 2096  ================ Scan MBR ==================================
14:26:11.0140 2096  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:26:11.0343 2096  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:26:11.0343 2096  \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:26:11.0343 2096  ================ Scan VBR ==================================
14:26:11.0359 2096  [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
14:26:11.0359 2096  \Device\Harddisk0\DR0\Partition1 - ok
14:26:11.0359 2096  ============================================================
14:26:11.0359 2096  Scan finished
14:26:11.0359 2096  ============================================================
14:26:11.0515 2088  Detected object count: 14
14:26:11.0515 2088  Actual detected object count: 14
14:27:03.0281 2088  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0281 2088  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0296 2088  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0296 2088  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0296 2088  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0296 2088  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0312 2088  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0312 2088  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0312 2088  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0312 2088  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0328 2088  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0328 2088  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0328 2088  ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0328 2088  ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0328 2088  FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0328 2088  FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0343 2088  hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0343 2088  hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0343 2088  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0343 2088  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0359 2088  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0359 2088  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0359 2088  SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0359 2088  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0375 2088  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0375 2088  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:03.0437 2088  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
14:27:03.0531 2088  \Device\Harddisk0\DR0\TDLFS - deleted
14:27:03.0531 2088  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 
14:27:23.0187 3864  Deinitialize success
         
And the second one, after the restart:

Code:
14:29:35.0093 3528  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:29:35.0203 3528  ============================================================
14:29:35.0203 3528  Current date / time: 2012/11/08 14:29:35.0203
14:29:35.0203 3528  SystemInfo:
14:29:35.0203 3528  
14:29:35.0203 3528  OS Version: 5.1.2600 ServicePack: 2.0
14:29:35.0203 3528  Product type: Workstation
14:29:35.0203 3528  ComputerName: PC132431016427
14:29:35.0203 3528  UserName: ***
14:29:35.0203 3528  Windows directory: C:\WINDOWS
14:29:35.0203 3528  System windows directory: C:\WINDOWS
14:29:35.0203 3528  Processor architecture: Intel x86
14:29:35.0203 3528  Number of processors: 1
14:29:35.0203 3528  Page size: 0x1000
14:29:35.0203 3528  Boot type: Normal boot
14:29:35.0203 3528  ============================================================
14:29:37.0531 3528  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:29:37.0531 3528  ============================================================
14:29:37.0531 3528  \Device\Harddisk0\DR0:
14:29:37.0531 3528  MBR partitions:
14:29:37.0531 3528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
14:29:37.0531 3528  ============================================================
14:29:37.0546 3528  C: <-> \Device\Harddisk0\DR0\Partition1
14:29:37.0562 3528  ============================================================
14:29:37.0562 3528  Initialize success
14:29:37.0562 3528  ============================================================
14:30:20.0203 1820  ============================================================
14:30:20.0203 1820  Scan started
14:30:20.0203 1820  Mode: Manual; SigCheck; TDLFS; 
14:30:20.0203 1820  ============================================================
14:30:20.0343 1820  ================ Scan system memory ========================
14:30:36.0984 1820  System memory - ok
14:30:36.0984 1820  ================ Scan services =============================
14:30:37.0109 1820  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:30:38.0875 1820  AAV UpdateService - ok
14:30:39.0046 1820  Abiosdsk - ok
14:30:39.0062 1820  abp480n5 - ok
14:30:39.0109 1820  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:30:39.0718 1820  ACPI - ok
14:30:39.0781 1820  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:30:41.0046 1820  ACPIEC - ok
14:30:41.0187 1820  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:30:42.0359 1820  AdobeFlashPlayerUpdateSvc - ok
14:30:42.0375 1820  adpu160m - ok
14:30:42.0468 1820  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:30:43.0312 1820  aec - ok
14:30:43.0375 1820  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:30:44.0406 1820  AFD - ok
14:30:44.0421 1820  Aha154x - ok
14:30:44.0437 1820  aic78u2 - ok
14:30:44.0468 1820  aic78xx - ok
14:30:44.0500 1820  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:30:45.0625 1820  Alerter - ok
14:30:45.0671 1820  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe
14:30:46.0671 1820  ALG - ok
14:30:46.0703 1820  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
14:30:47.0046 1820  AliIde - ok
14:30:47.0109 1820  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:30:47.0703 1820  AmdK8 - ok
14:30:47.0718 1820  amsint - ok
14:30:47.0875 1820  [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:30:48.0046 1820  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
14:30:48.0046 1820  Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
14:30:48.0062 1820  AppMgmt - ok
14:30:48.0125 1820  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:30:48.0875 1820  Arp1394 - ok
14:30:48.0890 1820  asc - ok
14:30:48.0906 1820  asc3350p - ok
14:30:48.0921 1820  asc3550 - ok
14:30:49.0031 1820  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
14:30:49.0562 1820  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
14:30:49.0562 1820  aspnet_state - detected UnsignedFile.Multi.Generic (1)
14:30:49.0593 1820  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:30:50.0140 1820  AsyncMac - ok
14:30:50.0187 1820  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:30:50.0421 1820  atapi - ok
14:30:50.0437 1820  Atdisk - ok
14:30:50.0515 1820  [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:30:51.0109 1820  Ati HotKey Poller - ok
14:30:51.0250 1820  [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:30:52.0046 1820  ati2mtag - ok
14:30:52.0187 1820  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:30:52.0750 1820  Atmarpc - ok
14:30:52.0812 1820  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:30:53.0062 1820  AudioSrv - ok
14:30:53.0125 1820  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:30:53.0421 1820  audstub - ok
14:30:53.0500 1820  [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:30:53.0859 1820  BCM43XX - ok
14:30:53.0906 1820  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:30:54.0437 1820  Beep - ok
14:30:54.0500 1820  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
14:30:57.0671 1820  BITS - ok
14:30:57.0734 1820  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll
14:30:58.0093 1820  Browser - ok
14:30:58.0156 1820  [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
14:30:58.0671 1820  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:30:58.0671 1820  BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:30:58.0718 1820  [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD         C:\WINDOWS\system32\drivers\camc6aud.sys
14:30:58.0906 1820  CAMCAUD - ok
14:30:59.0000 1820  [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
14:30:59.0453 1820  CAMCHALA - ok
14:30:59.0484 1820  catchme - ok
14:30:59.0515 1820  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:31:00.0062 1820  cbidf2k - ok
14:31:00.0109 1820  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:31:00.0328 1820  CCDECODE - ok
14:31:00.0328 1820  cd20xrnt - ok
14:31:00.0375 1820  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:31:00.0968 1820  Cdaudio - ok
14:31:01.0093 1820  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:31:01.0640 1820  Cdfs - ok
14:31:01.0687 1820  [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:31:01.0859 1820  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
14:31:01.0859 1820  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
14:31:01.0906 1820  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:31:02.0234 1820  Cdrom - ok
14:31:02.0250 1820  Changer - ok
14:31:02.0281 1820  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:31:02.0531 1820  CiSvc - ok
14:31:02.0562 1820  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:31:03.0109 1820  ClipSrv - ok
14:31:03.0203 1820  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:31:03.0453 1820  CmBatt - ok
14:31:03.0468 1820  CmdIde - ok
14:31:03.0531 1820  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:31:03.0859 1820  Compbatt - ok
14:31:03.0875 1820  COMSysApp - ok
14:31:03.0890 1820  Cpqarray - ok
14:31:03.0937 1820  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:31:04.0500 1820  CryptSvc - ok
14:31:04.0515 1820  dac2w2k - ok
14:31:04.0515 1820  dac960nt - ok
14:31:04.0593 1820  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:31:04.0921 1820  DcomLaunch - ok
14:31:04.0984 1820  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:31:05.0656 1820  Dhcp - ok
14:31:05.0718 1820  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:31:05.0875 1820  Disk - ok
14:31:05.0890 1820  dmadmin - ok
14:31:05.0968 1820  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:31:06.0281 1820  dmboot - ok
14:31:06.0312 1820  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:31:06.0546 1820  dmio - ok
14:31:06.0593 1820  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:31:07.0703 1820  dmload - ok
14:31:07.0796 1820  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:31:08.0156 1820  dmserver - ok
14:31:08.0203 1820  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:31:08.0390 1820  DMusic - ok
14:31:08.0421 1820  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:31:09.0062 1820  Dnscache - ok
14:31:09.0078 1820  dpti2o - ok
14:31:09.0125 1820  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:31:09.0312 1820  drmkaud - ok
14:31:09.0343 1820  [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
14:31:09.0578 1820  eabfiltr - ok
14:31:09.0609 1820  [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
14:31:09.0703 1820  eabusb - ok
14:31:09.0765 1820  [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
14:31:09.0921 1820  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
14:31:09.0921 1820  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
14:31:09.0968 1820  [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:31:10.0046 1820  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
14:31:10.0046 1820  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
14:31:10.0093 1820  [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD         C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
14:31:10.0156 1820  ElbyVCD ( UnsignedFile.Multi.Generic ) - warning
14:31:10.0156 1820  ElbyVCD - detected UnsignedFile.Multi.Generic (1)
14:31:10.0203 1820  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:31:10.0375 1820  ERSvc - ok
14:31:10.0421 1820  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
14:31:10.0687 1820  Eventlog - ok
14:31:10.0750 1820  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem     C:\WINDOWS\system32\es.dll
14:31:10.0937 1820  EventSystem - ok
14:31:11.0078 1820  [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
14:31:11.0203 1820  F-Secure Filter - ok
14:31:11.0265 1820  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
14:31:11.0375 1820  F-Secure Gatekeeper - ok
14:31:11.0406 1820  [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
14:31:11.0500 1820  F-Secure Gatekeeper Handler Starter - ok
14:31:11.0578 1820  [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS   C:\Programme\F-Secure\HIPS\drivers\fshs.sys
14:31:11.0625 1820  F-Secure HIPS - ok
14:31:11.0703 1820  [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE
14:31:11.0781 1820  F-Secure Network Request Broker - ok
14:31:11.0843 1820  [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
14:31:11.0921 1820  F-Secure Recognizer - ok
14:31:11.0968 1820  [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
14:31:12.0125 1820  FANTOM ( UnsignedFile.Multi.Generic ) - warning
14:31:12.0125 1820  FANTOM - detected UnsignedFile.Multi.Generic (1)
14:31:12.0171 1820  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:31:12.0406 1820  Fastfat - ok
14:31:12.0453 1820  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:31:13.0015 1820  FastUserSwitchingCompatibility - ok
14:31:13.0062 1820  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:31:13.0234 1820  Fdc - ok
14:31:13.0265 1820  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:31:13.0468 1820  Fips - ok
14:31:13.0515 1820  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:31:13.0812 1820  Flpydisk - ok
14:31:14.0015 1820  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:31:14.0656 1820  FltMgr - ok
14:31:14.0703 1820  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts           C:\WINDOWS\system32\Drivers\fsbts.sys
14:31:14.0750 1820  fsbts - ok
14:31:14.0875 1820  [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon        C:\Programme\F-Secure\Device Control\\fsdevcon32.exe
14:31:15.0062 1820  fsdevcon - ok
14:31:15.0156 1820  [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD          C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
14:31:15.0406 1820  FSDFWD - ok
14:31:15.0437 1820  [ D7261B0876E4238D680E96B69292B9E0 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
14:31:15.0515 1820  FSFW - ok
14:31:15.0562 1820  [ E0229353879FD33E15462B862A064FD6 ] FSMA            C:\Programme\F-Secure\Common\FSMA32.EXE
14:31:15.0640 1820  FSMA - ok
14:31:15.0718 1820  [ DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient    C:\Programme\F-Secure\ORSP Client\fsorsp.exe
14:31:15.0781 1820  FSORSPClient - ok
14:31:15.0843 1820  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:31:16.0062 1820  Fs_Rec - ok
14:31:16.0109 1820  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:31:16.0390 1820  Ftdisk - ok
14:31:16.0437 1820  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
14:31:16.0625 1820  FWLANUSB - ok
14:31:16.0656 1820  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:31:16.0734 1820  GEARAspiWDM - ok
14:31:16.0812 1820  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:31:16.0984 1820  Gpc - ok
14:31:17.0093 1820  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:31:17.0296 1820  helpsvc - ok
14:31:17.0343 1820  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:31:17.0562 1820  HidServ - ok
14:31:17.0609 1820  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:31:17.0843 1820  HidUsb - ok
14:31:17.0859 1820  hpn - ok
14:31:17.0953 1820  [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
14:31:18.0031 1820  hpqwmi ( UnsignedFile.Multi.Generic ) - warning
14:31:18.0031 1820  hpqwmi - detected UnsignedFile.Multi.Generic (1)
14:31:18.0093 1820  [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
14:31:18.0312 1820  HSFHWATI - ok
14:31:18.0390 1820  [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:31:18.0843 1820  HSF_DP - ok
14:31:19.0000 1820  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:31:19.0390 1820  HTTP - ok
14:31:19.0437 1820  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:31:19.0718 1820  HTTPFilter - ok
14:31:19.0734 1820  i2omgmt - ok
14:31:19.0750 1820  i2omp - ok
14:31:19.0812 1820  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:31:20.0000 1820  i8042prt - ok
14:31:20.0109 1820  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:31:20.0421 1820  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:31:20.0421 1820  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:31:20.0453 1820  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:31:20.0656 1820  Imapi - ok
14:31:20.0718 1820  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:31:20.0921 1820  ImapiService - ok
14:31:20.0953 1820  ini910u - ok
14:31:21.0015 1820  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:31:21.0203 1820  IntelIde - ok
14:31:21.0265 1820  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:31:21.0468 1820  Ip6Fw - ok
14:31:21.0515 1820  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:31:21.0703 1820  IpFilterDriver - ok
14:31:21.0750 1820  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:31:21.0921 1820  IpInIp - ok
14:31:21.0968 1820  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:31:22.0500 1820  IpNat - ok
14:31:22.0593 1820  [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
14:31:22.0781 1820  iPod Service - ok
14:31:22.0828 1820  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:31:23.0109 1820  IPSec - ok
14:31:23.0156 1820  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:31:23.0343 1820  IRENUM - ok
14:31:23.0406 1820  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:31:23.0640 1820  isapnp - ok
14:31:23.0671 1820  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:31:23.0859 1820  Kbdclass - ok
14:31:23.0906 1820  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:31:24.0531 1820  kmixer - ok
14:31:24.0578 1820  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:31:24.0718 1820  KSecDD - ok
14:31:24.0812 1820  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:31:25.0468 1820  lanmanserver - ok
14:31:25.0515 1820  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:31:25.0671 1820  lanmanworkstation - ok
14:31:25.0671 1820  lbrtfdc - ok
14:31:25.0750 1820  [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
14:31:25.0828 1820  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:31:25.0828 1820  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:31:25.0859 1820  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:31:26.0046 1820  LmHosts - ok
14:31:26.0078 1820  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:31:26.0140 1820  mdmxsdk - ok
14:31:26.0203 1820  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:31:26.0406 1820  Messenger - ok
14:31:26.0453 1820  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:31:26.0656 1820  mnmdd - ok
14:31:26.0703 1820  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:31:27.0015 1820  mnmsrvc - ok
14:31:27.0093 1820  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:31:27.0296 1820  Modem - ok
14:31:27.0343 1820  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:31:27.0562 1820  Mouclass - ok
14:31:27.0609 1820  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:31:27.0859 1820  mouhid - ok
14:31:27.0906 1820  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:31:28.0250 1820  MountMgr - ok
14:31:28.0328 1820  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:31:28.0390 1820  MozillaMaintenance - ok
14:31:28.0406 1820  mraid35x - ok
14:31:28.0453 1820  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:31:29.0109 1820  MRxDAV - ok
14:31:29.0187 1820  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:31:29.0515 1820  MRxSmb - ok
14:31:29.0531 1820  MSCSPTISRV - ok
14:31:29.0578 1820  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:31:29.0796 1820  MSDTC - ok
14:31:29.0828 1820  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:31:30.0093 1820  Msfs - ok
14:31:30.0109 1820  MSIServer - ok
14:31:30.0140 1820  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:31:30.0312 1820  MSKSSRV - ok
14:31:30.0343 1820  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:31:30.0531 1820  MSPCLOCK - ok
14:31:30.0562 1820  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:31:30.0750 1820  MSPQM - ok
14:31:30.0796 1820  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:31:30.0984 1820  mssmbios - ok
14:31:31.0031 1820  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
14:31:31.0203 1820  MSTEE - ok
14:31:31.0218 1820  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:31:31.0671 1820  Mup - ok
14:31:31.0734 1820  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:31:31.0968 1820  NABTSFEC - ok
14:31:32.0000 1820  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:31:32.0296 1820  NDIS - ok
14:31:32.0343 1820  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:31:32.0515 1820  NdisIP - ok
14:31:32.0546 1820  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:31:32.0734 1820  NdisTapi - ok
14:31:32.0765 1820  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:31:32.0968 1820  Ndisuio - ok
14:31:33.0031 1820  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:31:33.0281 1820  NdisWan - ok
14:31:33.0312 1820  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:31:33.0531 1820  NDProxy - ok
14:31:33.0593 1820  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:31:33.0781 1820  NetBIOS - ok
14:31:33.0812 1820  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:31:34.0062 1820  NetBT - ok
14:31:34.0125 1820  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:31:34.0359 1820  NetDDE - ok
14:31:34.0375 1820  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:31:34.0578 1820  NetDDEdsdm - ok
14:31:34.0593 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:31:34.0843 1820  Netlogon - ok
14:31:34.0875 1820  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
14:31:35.0562 1820  Netman - ok
14:31:35.0609 1820  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:31:35.0796 1820  NIC1394 - ok
14:31:35.0843 1820  [ 774274C487493452DF3B0126DBE7FF3B ] Nla             C:\WINDOWS\System32\mswsock.dll
14:31:36.0000 1820  Nla - ok
14:31:36.0031 1820  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:31:36.0218 1820  Npfs - ok
14:31:36.0281 1820  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:31:36.0984 1820  Ntfs - ok
14:31:37.0015 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:31:37.0156 1820  NtLmSsp - ok
14:31:37.0218 1820  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:31:37.0484 1820  NtmsSvc - ok
14:31:37.0531 1820  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:31:37.0796 1820  Null - ok
14:31:37.0843 1820  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:31:38.0093 1820  NwlnkFlt - ok
14:31:38.0140 1820  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:31:38.0390 1820  NwlnkFwd - ok
14:31:38.0468 1820  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:31:39.0078 1820  ohci1394 - ok
14:31:39.0078 1820  PACSPTISVR - ok
14:31:39.0140 1820  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:31:39.0328 1820  Parport - ok
14:31:39.0375 1820  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:31:39.0562 1820  PartMgr - ok
14:31:39.0609 1820  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:31:39.0796 1820  ParVdm - ok
14:31:39.0828 1820  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:31:40.0031 1820  PCI - ok
14:31:40.0031 1820  PCIDump - ok
14:31:40.0078 1820  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:31:40.0250 1820  PCIIde - ok
14:31:40.0296 1820  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:31:40.0515 1820  Pcmcia - ok
14:31:40.0531 1820  PDCOMP - ok
14:31:40.0546 1820  PDFRAME - ok
14:31:40.0562 1820  PDRELI - ok
14:31:40.0578 1820  PDRFRAME - ok
14:31:40.0593 1820  perc2 - ok
14:31:40.0609 1820  perc2hib - ok
14:31:40.0687 1820  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:31:40.0812 1820  PlugPlay - ok
14:31:40.0843 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:31:41.0000 1820  PolicyAgent - ok
14:31:41.0031 1820  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:31:41.0218 1820  PptpMiniport - ok
14:31:41.0250 1820  [ F04317FB351B75233979DC65D4CEAD54 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:31:41.0828 1820  Processor - ok
14:31:41.0843 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:31:42.0000 1820  ProtectedStorage - ok
14:31:42.0031 1820  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:31:42.0265 1820  PSched - ok
14:31:42.0312 1820  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:31:42.0500 1820  Ptilink - ok
14:31:42.0562 1820  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:31:42.0609 1820  PxHelp20 - ok
14:31:42.0609 1820  ql1080 - ok
14:31:42.0625 1820  Ql10wnt - ok
14:31:42.0640 1820  ql12160 - ok
14:31:42.0656 1820  ql1240 - ok
14:31:42.0671 1820  ql1280 - ok
14:31:42.0734 1820  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:31:42.0937 1820  RasAcd - ok
14:31:42.0953 1820  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:31:43.0140 1820  RasAuto - ok
14:31:43.0171 1820  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:31:43.0359 1820  Rasirda - ok
14:31:43.0390 1820  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:31:43.0562 1820  Rasl2tp - ok
14:31:43.0609 1820  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:31:44.0250 1820  RasMan - ok
14:31:44.0281 1820  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:31:44.0484 1820  RasPppoe - ok
14:31:44.0531 1820  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:31:44.0734 1820  Raspti - ok
14:31:44.0796 1820  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:31:45.0531 1820  Rdbss - ok
14:31:45.0578 1820  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:31:45.0765 1820  RDPCDD - ok
14:31:45.0859 1820  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:31:46.0562 1820  RDPWD - ok
14:31:46.0609 1820  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:31:46.0968 1820  RDSessMgr - ok
14:31:47.0015 1820  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:31:47.0203 1820  redbook - ok
14:31:47.0250 1820  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:31:47.0453 1820  RemoteAccess - ok
14:31:47.0484 1820  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:31:47.0640 1820  RpcLocator - ok
14:31:47.0687 1820  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
14:31:48.0062 1820  RpcSs - ok
14:31:48.0125 1820  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:31:48.0421 1820  RSVP - ok
14:31:48.0468 1820  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:31:48.0609 1820  RTL8023xp - ok
14:31:48.0640 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:31:48.0812 1820  SamSs - ok
14:31:48.0937 1820  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:31:49.0140 1820  SCardSvr - ok
14:31:49.0218 1820  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:31:49.0406 1820  Schedule - ok
14:31:49.0453 1820  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:31:49.0656 1820  sdbus - ok
14:31:49.0703 1820  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:31:50.0328 1820  Secdrv - ok
14:31:50.0375 1820  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:31:50.0546 1820  seclogon - ok
14:31:50.0593 1820  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
14:31:51.0250 1820  SENS - ok
14:31:51.0296 1820  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:31:51.0593 1820  serenum - ok
14:31:51.0625 1820  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:31:51.0812 1820  Serial - ok
14:31:51.0859 1820  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:31:52.0031 1820  Sfloppy - ok
14:31:52.0093 1820  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:31:52.0406 1820  SharedAccess - ok
14:31:52.0437 1820  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:31:53.0062 1820  ShellHWDetection - ok
14:31:53.0078 1820  Simbad - ok
14:31:53.0125 1820  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:31:53.0312 1820  SLIP - ok
14:31:53.0375 1820  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
14:31:53.0500 1820  SMCIRDA - ok
14:31:53.0562 1820  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:31:53.0765 1820  SONYPVU1 - ok
14:31:53.0765 1820  Sparrow - ok
14:31:53.0796 1820  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:31:54.0453 1820  splitter - ok
14:31:54.0484 1820  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:31:55.0531 1820  Spooler - ok
14:31:55.0546 1820  SPTISRV - ok
14:31:55.0609 1820  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:31:55.0921 1820  sr - ok
14:31:55.0968 1820  [ E150E7618328562598F4CE0B5851B5CD ] srservice       C:\WINDOWS\system32\srsvc.dll
14:31:56.0718 1820  srservice - ok
14:31:56.0843 1820  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:31:57.0281 1820  Srv - ok
14:31:57.0328 1820  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:31:57.0640 1820  SSDPSRV - ok
14:31:57.0718 1820  [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62        C:\WINDOWS\system32\drivers\SSHDRV62.sys
14:31:57.0781 1820  SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning
14:31:57.0781 1820  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
14:31:57.0828 1820  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:31:57.0890 1820  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
14:31:57.0890 1820  ssmdrv - detected UnsignedFile.Multi.Generic (1)
14:31:57.0953 1820  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:31:58.0671 1820  stisvc - ok
14:31:58.0703 1820  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:31:58.0875 1820  streamip - ok
14:31:58.0921 1820  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:31:59.0125 1820  swenum - ok
14:31:59.0156 1820  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:31:59.0390 1820  swmidi - ok
14:31:59.0406 1820  SwPrv - ok
14:31:59.0421 1820  symc810 - ok
14:31:59.0437 1820  symc8xx - ok
14:31:59.0453 1820  sym_hi - ok
14:31:59.0468 1820  sym_u3 - ok
14:31:59.0515 1820  [ F484C77F748729129D5CC9C965D9F701 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:31:59.0640 1820  SynTP - ok
14:31:59.0687 1820  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:31:59.0875 1820  sysaudio - ok
14:31:59.0921 1820  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:32:00.0156 1820  SysmonLog - ok
14:32:00.0218 1820  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:32:00.0906 1820  TapiSrv - ok
14:32:00.0968 1820  [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd           C:\WINDOWS\system32\drivers\tbhsd.sys
14:32:01.0000 1820  tbhsd - ok
14:32:01.0062 1820  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:32:01.0265 1820  Tcpip - ok
14:32:01.0328 1820  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:32:01.0500 1820  TDPIPE - ok
14:32:01.0531 1820  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:32:01.0718 1820  TDTCP - ok
14:32:01.0765 1820  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:32:01.0968 1820  TermDD - ok
14:32:02.0046 1820  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll
14:32:02.0359 1820  TermService - ok
14:32:02.0390 1820  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:32:03.0062 1820  Themes - ok
14:32:03.0140 1820  [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
14:32:03.0281 1820  tifm21 - ok
14:32:03.0296 1820  TosIde - ok
14:32:03.0343 1820  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:32:03.0562 1820  TrkWks - ok
14:32:03.0625 1820  [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag   C:\WINDOWS\System32\TuneUpDefragService.exe
14:32:03.0828 1820  TuneUp.Defrag - ok
14:32:03.0890 1820  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:32:04.0078 1820  Udfs - ok
14:32:04.0093 1820  ultra - ok
14:32:04.0140 1820  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
14:32:04.0234 1820  UMWdf - ok
14:32:04.0281 1820  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:32:04.0578 1820  Update - ok
14:32:04.0609 1820  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr       C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:32:04.0781 1820  uploadmgr - ok
14:32:04.0859 1820  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:32:05.0562 1820  upnphost - ok
14:32:05.0609 1820  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe
14:32:05.0812 1820  UPS - ok
14:32:05.0859 1820  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
14:32:05.0968 1820  USBAAPL - ok
14:32:06.0031 1820  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
14:32:06.0234 1820  usbaudio - ok
14:32:06.0265 1820  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:32:06.0453 1820  usbccgp - ok
14:32:06.0484 1820  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:32:06.0656 1820  usbehci - ok
14:32:06.0687 1820  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:32:06.0890 1820  usbhub - ok
14:32:06.0921 1820  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:32:07.0078 1820  usbohci - ok
14:32:07.0109 1820  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:32:07.0281 1820  usbprint - ok
14:32:07.0312 1820  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:32:07.0500 1820  usbscan - ok
14:32:07.0531 1820  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:32:07.0734 1820  USBSTOR - ok
14:32:07.0781 1820  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:32:07.0953 1820  usbuhci - ok
14:32:08.0000 1820  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
14:32:08.0250 1820  usbvideo - ok
14:32:08.0296 1820  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
14:32:08.0343 1820  UxTuneUp - ok
14:32:08.0390 1820  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:32:08.0578 1820  VgaSave - ok
14:32:08.0609 1820  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
14:32:08.0781 1820  ViaIde - ok
14:32:08.0843 1820  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:32:09.0062 1820  VolSnap - ok
14:32:09.0140 1820  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:32:09.0546 1820  VSS - ok
14:32:09.0625 1820  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:32:09.0812 1820  W32Time - ok
14:32:09.0859 1820  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:32:10.0046 1820  Wanarp - ok
14:32:10.0062 1820  WDICA - ok
14:32:10.0093 1820  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:32:10.0781 1820  wdmaud - ok
14:32:10.0843 1820  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:32:11.0515 1820  WebClient - ok
14:32:11.0578 1820  [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:32:11.0765 1820  winachsf - ok
14:32:11.0875 1820  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:32:12.0109 1820  winmgmt - ok
14:32:12.0187 1820  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:32:12.0281 1820  WmdmPmSN - ok
14:32:12.0343 1820  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:32:12.0515 1820  WmiAcpi - ok
14:32:12.0562 1820  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:32:12.0812 1820  WmiApSrv - ok
14:32:12.0906 1820  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:32:13.0109 1820  wscsvc - ok
14:32:13.0140 1820  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:32:13.0328 1820  WSTCODEC - ok
14:32:13.0375 1820  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:32:13.0562 1820  wuauserv - ok
14:32:13.0609 1820  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:32:13.0937 1820  WZCSVC - ok
14:32:13.0968 1820  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:32:14.0156 1820  xmlprov - ok
14:32:14.0187 1820  ================ Scan global ===============================
14:32:14.0218 1820  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:32:14.0281 1820  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:32:14.0312 1820  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:32:14.0328 1820  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
14:32:14.0343 1820  [Global] - ok
14:32:14.0343 1820  ================ Scan MBR ==================================
14:32:14.0359 1820  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:32:14.0593 1820  \Device\Harddisk0\DR0 - ok
14:32:14.0593 1820  ================ Scan VBR ==================================
14:32:14.0593 1820  [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
14:32:14.0609 1820  \Device\Harddisk0\DR0\Partition1 - ok
14:32:14.0609 1820  ============================================================
14:32:14.0609 1820  Scan finished
14:32:14.0609 1820  ============================================================
14:32:14.0750 1772  Detected object count: 13
14:32:14.0750 1772  Actual detected object count: 13
14:32:33.0531 1772  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0531 1772  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0546 1772  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0546 1772  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0546 1772  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0546 1772  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0546 1772  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0562 1772  ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0562 1772  FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0562 1772  hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0562 1772  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0562 1772  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0562 1772  SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0578 1772  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:32:33.0578 1772  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0578 1772  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:33:44.0000 3516  Deinitialize success
         

08.11.2012, 14:56   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

08.11.2012, 15:23   #33
Archivar


I can't get F-Secure switched off. I "turned off" F-Secure via Run -> msconfig and rebooted, but I still got an "Achtung!!" message from CF saying that F-Secure is still active.

Do you know how to turn F-Secure off?

08.11.2012, 16:38   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, not off the top of my head. F-Secure is also rather exotic. Why don't you just look it up in the manual?!
__________________
Logfiles bitte immer in CODE-Tags posten

08.11.2012, 16:57   #35
Archivar

It seems to have changed. I was actually always able to switch f-secure off by clicking "Disable" on the f-secure icon in the taskbar. Somehow that command no longer exists, though... possibly since a few updates or so... I can't find any helpful hints on Google etc. either...


08.11.2012, 17:11   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then uninstall F-Secure. I hardly know anyone who uses it, so if you have problems there is practically nobody you can ask, because hardly anyone uses it. Or do you want to call F-Secure support every time?

08.11.2012, 17:39   #37
Archivar

I managed to turn it off after all... why is it so exotic, actually? Which antivirus would you recommend to me?

The CF log:

Combofix Logfile:
Code:
ComboFix 12-11-08.01 - *** 08.11.2012  17:13:44.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.894.474 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***.PC132431016427\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.32 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 9.32 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Hehou
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Hehou\iqdu.qis
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Oztavo
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Oztavo\poar.myx
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Qovo
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Qovo\buyml.uto
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Sky-Banners
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Sky-Banners\skb\log.xml
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Street-Ads
c:\dokumente und einstellungen\***.PC132431016427\WINDOWS
c:\programme\$NtUninstallWTF1012$
C:\SystemData
c:\systemdata\79228921F3FF2A4
c:\windows\$NtUninstallMTF1011$
c:\windows\IsUn0407.exe
c:\windows\offitems.log
c:\windows\system32\logs
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-08 bis 2012-11-08  ))))))))))))))))))))))))))))))
.
.
2012-11-08 13:27 . 2012-11-08 13:27	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-11-07 15:01 . 2012-11-07 15:01	--------	d-----w-	c:\dokumente und einstellungen\***.PC132431016427.alt
2012-11-07 14:53 . 2012-11-07 14:54	--------	d-----w-	c:\dokumente und einstellungen\***ie
2012-11-03 12:20 . 2012-11-03 12:20	--------	d-----w-	C:\Mozilla
2012-11-03 12:15 . 2012-11-07 14:52	--------	d-----w-	c:\dokumente und einstellungen\***.PC132431016427.002.OLD
2012-11-03 12:13 . 2012-11-03 12:14	--------	d-----w-	c:\dokumente und einstellungen\***.PC132431016427.001.OLD
2012-11-03 12:04 . 2012-11-03 12:05	--------	d-----w-	c:\dokumente und einstellungen\***.PC132431016427.000.OLD
2012-11-03 12:04 . 2012-11-03 12:04	--------	d-----w-	c:\dokumente und einstellungen\***.PC132431016427.OLD
2012-11-03 11:57 . 2012-11-03 12:20	--------	d-----w-	c:\dokumente und einstellungen\TEMP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 17:32 . 2010-11-25 12:40	44240	----a-w-	c:\windows\system32\drivers\fsbts.sys
2012-11-01 19:10 . 2012-11-01 19:09	261600	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\programme\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"F-Secure TNB"="c:\programme\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
"F-Secure Manager"="c:\programme\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\
Microsoft-Indexerstellung.lnk - c:\programme\Microsoft Office\Office\FINDFAST.EXE [1996-12-14 111376]
Office-Start.lnk - c:\programme\Microsoft Office\Office\OSA.EXE [1996-12-14 51984]
.
c:\dokumente und einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\
Microsoft-Indexerstellung.lnk - c:\programme\Microsoft Office\Office\FINDFAST.EXE [1996-12-14 111376]
Office-Start.lnk - c:\programme\Microsoft Office\Office\OSA.EXE [1996-12-14 51984]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.exe.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"CanonMyPrinter"=c:\programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CloneCDTray"="c:\programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"CloneCDElbyCDFL"="c:\programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"hpWirelessAssistant"=c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 11:43 22016]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [25.11.2010 13:40 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [25.11.2010 13:40 82992]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programme\F-Secure\HIPS\drivers\fshs.sys [25.11.2010 13:39 71664]
R1 SSHDRV62;SSHDRV62;c:\windows\system32\drivers\SSHDRV62.sys [02.08.2006 10:54 108032]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 15:35 128296]
R2 fsdevcon;F-Secure Device Control Daemon;c:\programme\F-Secure\Device Control\fsdevcon32.exe [27.09.2012 18:21 403184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [25.11.2010 13:39 144440]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22.08.2005 10:06 231424]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [29.07.2008 14:09 39424]
S3 FSORSPClient;F-Secure ORSP Client;c:\programme\F-Secure\ORSP Client\fsorsp.exe [25.11.2010 13:39 61168]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [18.11.2009 12:16 264704]
S4 F-Secure Filter;F-Secure File System Filter;c:\programme\F-Secure\Anti-Virus\win2k\fsfilter.sys [27.09.2012 18:21 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programme\F-Secure\Anti-Virus\win2k\fsrec.sys [27.09.2012 18:21 26352]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 09:55	7680	----a-w-	c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-08 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-11 09:54]
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:55]
.
2012-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 145.254.22.10:8000
uInternet Settings,ProxyOverride = <local>
LSP: c:\programme\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387
FF - ProfilePath - c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Canon PhotoStitch 3.1 - c:\windows\IsUn0407.exe
AddRemove-Easy-PhotoPrint - c:\windows\ISUN0407.EXE
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-08 17:22
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe????????????8?3?8?6??????? ???B?????????????hLC???????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\programme\f-secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\programme\F-Secure\FSPS\program\fslsp.dll
c:\programme\f-secure\hips\fshook32.dll
.
Zeit der Fertigstellung: 2012-11-08  17:25:10
ComboFix-quarantined-files.txt  2012-11-08 16:24
ComboFix2.txt  2010-06-01 20:03
.
Vor Suchlauf: 793.137.152 Bytes frei
Nach Suchlauf: 894.676.992 Bytes frei
.
- - End Of File - - 3ED05CE8CAB76EC342AFEED67A329564
         

08.11.2012, 19:09   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Which antivirus would you recommend to me?
Avast is quite usable... and if anything, only a pure virus scanner, not an overblown, counterproductive all-in-one package - that just puts extra load on the system without being any better than the combination of a pure virus scanner and the Windows Firewall

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

08.11.2012, 21:24   #39
Archivar

Here is the log:

Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 21:18:19 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : *** - PC132431016427
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server
Schlüssel Gefunden : HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1586 octets] - [08/11/2012 21:18:19]

########## EOF - C:\AdwCleaner[R1].txt - [1646 octets] ##########
         

08.11.2012, 22:11   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Afterwards a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

08.11.2012, 22:51   #41
Archivar

OK, done.

Really cool, by the way, that you're still helping at this hour

The adw log:
Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 22:15:00 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : *** - PC132431016427
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Server

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1715 octets] - [08/11/2012 21:18:19]
AdwCleaner[S1].txt - [1486 octets] - [08/11/2012 22:15:00]

########## EOF - C:\AdwCleaner[S1].txt - [1546 octets] ##########
         
The otl log:
OTL Logfile:
Code:
OTL logfile created on: 08.11.2012 22:21:46 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 449,32 Mb Available Physical Memory | 50,25% Memory free
2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,86 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSLAUNCHER0.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\***~1.PC~\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 145.254.22.10:8000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.24 09:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.10 14:41:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.08 17:22:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.08 17:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.11.08 15:50:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.11.08 14:59:22 | 004,998,107 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\ComboFix.exe
[2012.11.08 14:27:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.07 23:08:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.exe
[2012.11.07 22:56:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\tdsskiller.exe
[2012.11.07 22:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.11.07 14:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.11.08 22:17:20 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.08 22:17:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.08 22:17:01 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.08 21:16:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.08 21:15:39 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
[2012.11.08 17:22:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.08 15:52:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012.11.08 14:59:35 | 004,998,107 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\ComboFix.exe
[2012.11.08 10:48:58 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat
[2012.11.07 23:08:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.exe
[2012.11.07 22:56:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\tdsskiller.exe
[2012.11.07 14:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 19:40:50 | 000,158,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 19:11:42 | 000,070,663 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf.pdf
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.11.08 21:15:36 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
[2012.11.08 10:48:58 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat
[2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf.pdf
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb
[2006.10.21 15:09:11 | 000,001,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\ViewerApp.dat
[2006.03.05 22:32:50 | 000,158,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.03 20:20:09 | 000,001,954 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\.plugin141.trace
[2006.02.17 17:01:21 | 000,000,204 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\wklnhst.dat
[2006.02.17 16:51:55 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


The extras log: OTL Logfile:
Code:
OTL Extras logfile created on: 08.11.2012 22:21:46 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 449,32 Mb Available Physical Memory | 50,25% Memory free
2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,86 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24638AD1-5F7E-9900-147E-B3EEA1B84EAE}" = Napster 5.0 Beta
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe  1.4.44.1
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5F2F0392-05F6-4D71-B0F9-0BE3733992FB}" = F-Secure Client Security
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE 
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.Rhapsody.Napster5" = Napster 5.0 Beta
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz
"F-Secure Device Control" = F-Secure Gerätesteuerung
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning
"F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild
"F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"LastFM_is1" = Last.fm 1.5.4.27091
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.19
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR Archivierer
"XP Codec Pack" = XP Codec Pack
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 11  2012-11-07  15:24:48+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-20.
     
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 12  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-20.
     
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 13  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-19.
     
 
Error - 07.11.2012 10:24:53 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 14  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-3895385494-3161838611-3957656901-1006.
     
 
Error - 07.11.2012 10:24:54 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 15  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-21-3895385494-3161838611-3957656901-1006.
     
 
Error - 07.11.2012 10:25:00 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 16  2012-11-07  15:25:00+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SECURITY.
     
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 17  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SOFTWARE.
     
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 18  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SYSTEM.
     
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 19  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SAM.
     
 
Error - 08.11.2012 09:27:16 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2012-11-08  14:27:16+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus   Malicious code found in file C:\TDSSKiller_Quarantine\08.11.2012_14.24.10\tdlfs0000\tsk0004.dta.
    Infection: Trojan.Generic.4113645    Action: The file was deleted.     
 
[ System Events ]
Error - 08.11.2012 06:00:48 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 09:15:17 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 09:23:11 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 09:28:57 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 09:35:31 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 10:06:07 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 11:50:27 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 12:29:01 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 16:05:48 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
Error - 08.11.2012 17:17:10 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1079
 
 
< End of report >
         
--- --- ---

09.11.2012, 16:37   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes and remove any findings. Before that, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

10.11.2012, 10:27   #43
Archivar

What actually happens with the ESET findings? They haven't been deleted or moved to quarantine now, have they?

Malware log:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: PC132431016427 [Administrator]

10.11.2012 01:18:13
mbam-log-2012-11-10 (01-18-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302224
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B} (Adware.Adrotator) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Eset log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=171009f9e8dda24aa36dd6dd8874a1e6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-10 02:26:45
# local_time=2012-11-10 03:26:45 (+0100, Westeuropäische Normalzeit)
# country="***"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 77172790 77172790 0 0
# compatibility_mode=2304 16777191 100 0 0 0 0 0
# compatibility_mode=6912 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3830 3830 0 0
# scanned=99887
# found=3
# cleaned=0
# scan_time=6629
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js	JS/SecurityDisabler.A.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\A0016258.exe	Win32/InstallMonetizer.AC application (unable to clean)	00000000000000000000000000000000	I
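
The question in post #43 can be checked against the ESET log itself, which reports cleaned=0 and marks every detection "(unable to clean)". The Python sketch below is an added example, not part of the thread and not an ESET tool; the sample paths are constructed, and reading remove_checked as the scanner's removal option is an assumption.

```python
import re

# Constructed sample in the layout of the ESET log above: "# key=value" header
# lines, then one tab-separated line per detection. Paths are made up.
SAMPLE_LOG = "\n".join([
    "all ok",
    "# remove_checked=false",
    "# found=2",
    "# cleaned=0",
    "C:\\example\\profile\\user.js\tJS/SecurityDisabler.A.Gen application (unable to clean)\t" + "0" * 32 + "\tI",
    "C:\\example\\setup.exe\tWin32/Toolbar.Widgi application (unable to clean)\t" + "0" * 32 + "\tI",
])

# Second field: "<detection name> <kind> (<action>)", the action being optional.
DETECTION = re.compile(r"^(?P<name>\S+)\s*(?P<kind>[^()]*?)\s*(?:\((?P<action>[^)]*)\))?$")

def parse_eset_log(text):
    """Return (header, detections) from an ESET Online Scanner log.txt."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:  # keys such as compatibility_mode repeat, so keep a list
                header.setdefault(key, []).append(value)
        elif "\t" in line:
            fields = line.split("\t")
            m = DETECTION.match(fields[1].strip())
            if fields[0] and m:
                detections.append({"path": fields[0], **m.groupdict()})
    return header, detections

def summarize(text):
    """Answer 'were the findings removed?' from the log alone."""
    header, detections = parse_eset_log(text)
    first = lambda key, default: header.get(key, [default])[0]
    unresolved = [d for d in detections if "unable to clean" in (d["action"] or "")]
    return {
        # Assumption: remove_checked mirrors the scanner's removal option.
        "removal_enabled": first("remove_checked", "false") == "true",
        "found": int(first("found", "0")),
        "cleaned": int(first("cleaned", "0")),
        "unresolved": [(d["path"], d["name"]) for d in unresolved],
        # A mismatch means the pasted log was truncated or lost its tabs.
        "complete": int(first("found", "0")) == len(detections),
    }

if __name__ == "__main__":
    for path, name in summarize(SAMPLE_LOG)["unresolved"]:
        print(f"not cleaned: {name}  {path}")
```

Logs pasted into a forum often lose their tab characters; in that case "complete" comes back False and the detection lines need to be read by hand.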
         

11.11.2012, 20:04   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Those are just a few leftovers.

Close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Note: If you obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:Files
C:\user.js
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

11.11.2012, 20:58   #45
Archivar

The first time I forgot to rename the asterisks back...^^ So now there are two logs.

The first attempt:
Code:
All processes killed
========== FILES ==========
File\Folder C:\user.js not found.
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js not found.
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: ***.PC132431016427
->Temp folder emptied: 76419 bytes
->Temporary Internet Files folder emptied: 73172 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153454827 bytes
->Flash cache emptied: 2114 bytes
 
User: ***.PC132431016427.000.OLD
 
User: ***.PC132431016427.001.OLD
 
User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.alt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.OLD
 
User: ***ie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1999566 bytes
RecycleBin emptied: 2322184 bytes
 
Total Files Cleaned = 151,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11112012_203837

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

And the second attempt:
Code:
All processes killed
========== FILES ==========
File\Folder C:\user.js not found.
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js moved successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***.PC132431016427
->Temp folder emptied: 1060 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7223256 bytes
->Flash cache emptied: 456 bytes
 
User: ***.PC132431016427.000.OLD
 
User: ***.PC132431016427.001.OLD
 
User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.alt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.OLD
 
User: ***ie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11112012_204709

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
