| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weisser Bildschirm nach Anmeldung Windows XP, GVU-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.05.2013, 00:27
| #1 |
 |  Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hallo, auch ich habe mir den GVU-Trojaner eingefangen. Nachdem ich die Internetverbindung gekappt habe, ist der Bildschirm nur noch weiss. Betriebssystem: Windows XP SP3, Vers. 5.1.2600 Ich habe im abgesicherten Modus FRST.EXE laufen lassen. Die beiden logs im folgenden. Kann mir jemand helfen ?! Im voraus vielen Dank ! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2013 Ran by Administrator (administrator) on 15-05-2013 00:52:51 Running from F:\ Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 6 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe (Farbar) f:\FRST.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8466432 2007-09-04] (NVIDIA Corporation) HKLM\...\Run: [nwiz] nwiz.exe /install [x] HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-09-04] (NVIDIA Corporation) HKLM\...\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD) HKLM\...\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc) HKLM\...\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company) HKLM\...\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] () HKLM\...\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe [761856 2006-03-31] () HKLM\...\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] () HKLM\...\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe [955976 2008-10-29] (G DATA Software AG) HKLM\...\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305) [53248 2005-02-28] (Vimicro) HKLM\...\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup [229376 2006-06-15] (Nokia) HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin) HKLM\...\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe -b [2983088 2012-07-25] (INNOVA-engineering GmbH Dresden) HKLM\...\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] () HKLM\...\Run: [] [x] HKLM\...\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask) HKLM\...\Run: [Device Detector] DevDetect.exe -autorun [x] HKLM\...\Run: [NPSStartup] [x] HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\RunOnce: [(4) HWRestore] "C:\Sage\KHK\Handwerk\HWRESTORE.EXE" -Server: COMPUTERHANS -Benutzer: sa -Backup: "C:\Sage\KHK\Handwerk\Daten\Vorlagen\HW_LEER.KHK" -Daten: "C:\Sage\KHK\Handwerk\Daten\HANDWERK.MDF" -Log: "C:\Sage\KHK\Handwerk\Daten\HANDWERK.LDF" -Datenbank: HW_Database -Auto [1048576 2013-05-12] () HKLM Groop Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION HKLM\...\Winlogon: [System] Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKCU\...\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation) HKCU\...\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [1449984 2006-06-27] (Time Information Services Ltd.) HKCU\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x] HKCU\...\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat <==== ATTENTION MountPoints2: {1ba73a2b-60fb-11df-bb73-002264278107} - F:\pushinst.exe SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File SearchScopes: HKLM - DefaultScope value is missing. HKCU SearchScopes: DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49 BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) PDF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 04 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation) Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [247296] (Microsoft Corporation) Winsock: Catalog9 01 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation) Winsock: Catalog9 02 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation) Winsock: Catalog9 03 C:\Programme\FRITZ!DSL\\sarah.dll [247296] (Microsoft Corporation) Winsock: Catalog9 09 C:\Programme\FRITZ!DSL\\sarah.dll [92672] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default FF SearchEngine: Yahoo FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: wtxpcom - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\Extensions\wtxpcom@mybrowserbar.com FF Extension: youtubedownloader - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\Extensions\youtubedownloader@mybrowserbar.com ========================== Services (Whitelisted) ================= S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.) S2 AVKProxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [1089608 2008-10-29] (G DATA Software AG) S2 AVKService; C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe [386120 2008-08-19] (G DATA Software AG) S2 AVKWCtl; C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe [1185496 2008-09-08] (G DATA Software AG) S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) S2 CCALib8; C:\Programme\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-04-24] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2011-04-24] (Google Inc.) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) S2 IGDCTRL; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-02-20] (Apple Inc.) S2 LiveUpdateInstaller; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [516096 2003-07-02] (Sage KHK Software) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-13] (Mozilla Foundation) S2 MSSQLSERVER; C:\Programme\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) S2 pdfcDispatcher; C:\Programme\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc) S2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe [175104 2011-06-20] (Samsung Electronics Co., Ltd.) S3 ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) S3 SQLSERVERAGENT; C:\Programme\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) S2 UleadBurningHelper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-02-26] (Ulead Systems, Inc.) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) S4 HidServ; %SystemRoot%\System32\hidserv.dll [x] S2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x] S2 SENS; C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat [x] ==================== Drivers (Whitelisted) ==================== S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation) S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices) R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S1 FSLX; C:\WINDOWS\system32\drivers\fslx.sys [191872 2008-07-11] (Altiris, Inc.) S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH) S3 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [48712 2009-05-21] (G DATA Software AG) S2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [51016 2009-05-21] (G DATA Software AG) S1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [68424 2009-05-27] (G DATA Software) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) S3 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [32328 2009-05-21] (G DATA Software AG) S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation) S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation) S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation) S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation) S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation) S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation) S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-04] (Intel(R) Corporation) S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-04] (Intel(R) Corporation) S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-04] (Intel(R) Corporation) S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation) S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation) S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation) S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation) S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-04] (Intel(R) Corporation) S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-04] (Intel(R) Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdc.sys [8704 2006-05-29] (Nokia) S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcm.sys [13312 2006-05-29] (Nokia) S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcd.sys [127488 2006-05-29] (Nokia) S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcj.sys [13312 2006-05-29] (Nokia) S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54400 2007-07-30] (NVIDIA Corporation) S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2007-07-30] (NVIDIA Corporation) S1 P3; C:\Windows\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation) S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [215040 2007-05-04] (Realtek Semiconductor Corporation ) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) S2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-04-05] (Samsung Electronics) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91263 2004-08-17] (VM) S4 Abiosdsk; No ImagePath S4 abp480n5; No ImagePath S4 Aha154x; No ImagePath S4 AliIde; No ImagePath S4 amsint; No ImagePath S4 asc; No ImagePath S4 asc3350p; No ImagePath S4 asc3550; No ImagePath S4 Atdisk; No ImagePath S4 cd20xrnt; No ImagePath S1 Changer; No ImagePath S4 CmdIde; No ImagePath S4 Cpqarray; No ImagePath S3 cpuz132; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [x] U4 dac2w2k; No ImagePath S4 dac960nt; No ImagePath S4 hpn; No ImagePath S1 i2omgmt; No ImagePath S4 i2omp; No ImagePath S4 ini910u; No ImagePath S1 lbrtfdc; No ImagePath S4 mraid35x; No ImagePath S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 perc2; No ImagePath S4 perc2hib; No ImagePath S4 ql1080; No ImagePath S4 Ql10wnt; No ImagePath S4 ql12160; No ImagePath S4 ql1240; No ImagePath S4 ql1280; No ImagePath S4 Simbad; No ImagePath S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [x] S4 Sparrow; No ImagePath S4 TosIde; No ImagePath S4 ultra; No ImagePath S3 WDICA; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-15 00:52 - 2013-05-15 00:52 - 00000000 ____D C:\FRST 2013-05-14 01:23 - 2013-05-14 01:27 - 00000000 ____D C:\Wiederhergestellte Dateien 13-05-13 2013-05-12 21:53 - 2013-05-12 21:53 - 00000000 ____D C:\Windows\CSC ==================== One Month Modified Files and Folders ======== 2013-05-15 00:52 - 2013-05-15 00:52 - 00000000 ____D C:\FRST 2013-05-15 00:48 - 2009-05-20 14:19 - 00001158 ____A C:\Windows\System32\wpa.dbl 2013-05-15 00:38 - 2013-02-20 23:33 - 00000242 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job 2013-05-15 00:38 - 2009-05-20 14:19 - 00000275 ____A C:\Windows\wiadebug.log 2013-05-15 00:38 - 2009-05-20 14:19 - 00000050 ____A C:\Windows\wiaservc.log 2013-05-15 00:38 - 2009-05-20 14:18 - 00032532 ____A C:\Windows\SchedLgU.Txt 2013-05-15 00:38 - 2006-05-16 16:27 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-15 00:38 - 2006-05-05 06:14 - 01995707 ____A C:\Windows\WindowsUpdate.log 2013-05-15 00:29 - 2006-05-05 06:14 - 00983975 ____A C:\Windows\setupapi.log 2013-05-15 00:28 - 2011-04-24 23:13 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-15 00:28 - 2009-05-20 17:56 - 00000000 ____D C:\Windows\SMINST 2013-05-15 00:28 - 2009-05-20 14:26 - 00000000 ____D C:\Windows\Registration 2013-05-14 01:27 - 2013-05-14 01:23 - 00000000 ____D C:\Wiederhergestellte Dateien 13-05-13 2013-05-14 00:43 - 2011-04-24 23:13 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-13 00:54 - 2010-10-04 15:06 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2013-05-12 21:53 - 2013-05-12 21:53 - 00000000 ____D C:\Windows\CSC 2013-05-12 18:03 - 2012-10-15 21:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-12 01:06 - 2009-05-21 22:39 - 00013030 ____A C:\PDOXUSRS.NET 2013-05-12 01:06 - 2009-05-21 20:49 - 00000000 ____A C:\Windows\System32\Kein Protokoll 2013-05-12 00:06 - 2009-05-21 17:14 - 00000000 ____D C:\Firma Doll 2013-05-07 10:36 - 2009-05-20 14:26 - 00000000 ___RD C:\Programme 2013-05-04 20:17 - 2009-09-01 20:59 - 00000276 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job 2013-04-28 16:50 - 2011-03-09 23:35 - 00000000 ____D C:\Private Dokumente Hans 2013-04-25 23:24 - 2006-05-05 05:53 - 01103492 ____A C:\Windows\System32\PerfStringBackup.INI ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 09:57] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2004-08-04 09:58] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2004-08-04 09:58] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2004-08-04 09:58] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2004-08-04 09:57] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2004-08-04 09:58] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 09:44] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2013 Ran by Administrator at 2013-05-15 00:53:20 Run: Running from F:\ Boot Mode: Safe Mode (minimal) ========================================================== ==================== Installed Programs ======================= ACDSee Foto-Manager 12 (Version: 12.0.344) Adobe Flash Player 11 ActiveX (Version: 11.6.602.180) Adobe Flash Player 11 Plugin (Version: 11.6.602.180) Adobe Reader XI (11.0.02) - Deutsch (Version: 11.0.02) Altiris Software Virtualization Agent (Version: 2.1.2096) AMD Processor Driver (Version: 1.3.2.0053) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Ask Toolbar (Version: 1.15.15.0) Ask Toolbar Updater (Version: 1.2.4.36191) AVM FRITZ!DSL (Version: 2.04.02) AVM FRITZ!fax für FRITZ!Box Bonjour (Version: 3.0.0.10) Canon Camera Access Library (Version: 8.4.0.1) Canon Camera Support Core Library (Version: 7.3.1.6) Canon Camera WIA Driver (Version: 5.7) Canon EOS 5D WIA-Treiber (Version: 5.7) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3) Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6) Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5) Canon Utilities CameraWindow (Version: 7.1.0.2) Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16) Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0) Canon Utilities EOS Utility (Version: 2.4.0.1) Canon Utilities MyCamera (Version: 6.4.0.5) Canon Utilities Original Data Security Tools (Version: 1.4.0.1) Canon Utilities PhotoStitch (Version: 3.1.21.45) Canon Utilities Picture Style Editor (Version: 1.3.0.0) Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9) Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1) Canon Utilities ZoomBrowser EX (Version: 6.1.1.21) Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8) Common Desktop Agent (Version: 1.53.0) Dual-Core Optimizer (Version: 1.1.3.0161) ElsterFormular (Version: 14.1.20130301) ElsterFormular 2008/2009 (Version: 10.2.1.0) G DATA AntiVirus (Version: 19.0.0.4) Google Earth Plug-in (Version: 7.0.3.8542) Google Update Helper (Version: 1.3.21.145) HandBrake 0.9.5 (Version: 0.9.5) Handwerk High Definition Audio - KB888111 (Version: 20040219.000000) Hotfix für Windows Media Player 11 (KB939683) Hotfix für Windows XP (KB2443685) (Version: 1) Hotfix für Windows XP (KB2570791) (Version: 1) Hotfix für Windows XP (KB2633952) (Version: 1) Hotfix für Windows XP (KB2756822) (Version: 1) Hotfix für Windows XP (KB2779562) (Version: 1) Hotfix für Windows XP (KB952117-v2) (Version: 2) Hotfix für Windows XP (KB952287) (Version: 1) Hotfix für Windows XP (KB961118) (Version: 1) Hotfix für Windows XP (KB970653-v3) (Version: 3) Hotfix für Windows XP (KB976098-v2) (Version: 2) Hotfix für Windows XP (KB979306) (Version: 1) Hotfix für Windows XP (KB981793) (Version: 1) HP Backup and Recovery Manager (Version: 2.5C) HP Help and Support (Version: 4.2.0010) innoPlus bad (Version: 13.00.0100) iTunes (Version: 11.0.2.26) Java 7 Update 17 (Version: 7.0.170) Java Auto Updater (Version: 2.1.9.0) Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft .NET Framework 2.0 Language Pack - DEU (Version: 1.1.50727.42) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft SQL Server Desktop Engine (Version: 8.00.760) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1) Mozilla Maintenance Service (Version: 20.0.1) Mozilla Thunderbird 17.0.5 (x86 de) (Version: 17.0.5) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0) Nero Suite Nokia Connectivity Cable Driver (Version: 6.81.1.2) Nokia Lifeblog 2.1 (Version: 2.1.131) Nokia MTP driver (Version: 1.0.0) Nokia N73 highlights (Version: 1.0.6) Nokia Nseries Skin for Microsoft Windows Media Player (Version: 1.0.4) Nokia PC Connectivity Solution (Version: 6.23.9.0) Nokia PC Suite (Version: 6.81.13.0) Nokia themes for your device (Version: 1.0.5) NVIDIA Drivers OpenOffice.org 3.4.1 (Version: 3.41.9593) PDF Complete (Version: 3.5.22) QLink Ravensburger tiptoi Realtek High Definition Audio Driver (Version: 5.10.0.5508) Samsung Easy Printer Manager (Version: 1.01.16.02) Samsung Network PC Fax (Version: 1.05.23.04) Samsung New PC Studio (Version: 1.00.0000) Samsung Printer Live Update Samsung Scan Assistant (Version: 1.04.26.00) Samsung SCX-472x Series SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0) Sicherheitsupdate für Microsoft Windows (KB2564958) Sicherheitsupdate für Windows Media Encoder (KB2447961) Sicherheitsupdate für Windows Media Player (KB2378111) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player (KB954155) Sicherheitsupdate für Windows Media Player (KB968816) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows Media Player (KB975558) Sicherheitsupdate für Windows Media Player (KB978695) Sicherheitsupdate für Windows Media Player (KB979402) Sicherheitsupdate für Windows Media Player 11 (KB954154) Sicherheitsupdate für Windows XP (KB2079403) (Version: 1) Sicherheitsupdate für Windows XP (KB2115168) (Version: 1) Sicherheitsupdate für Windows XP (KB2121546) (Version: 1) Sicherheitsupdate für Windows XP (KB2229593) (Version: 1) Sicherheitsupdate für Windows XP (KB2259922) (Version: 1) Sicherheitsupdate für Windows XP (KB2296011) (Version: 1) Sicherheitsupdate für Windows XP (KB2347290) (Version: 1) Sicherheitsupdate für Windows XP (KB2360937) (Version: 1) Sicherheitsupdate für Windows XP (KB2387149) (Version: 1) Sicherheitsupdate für Windows XP (KB2393802) (Version: 1) Sicherheitsupdate für Windows XP (KB2412687) (Version: 1) Sicherheitsupdate für Windows XP (KB2419632) (Version: 1) Sicherheitsupdate für Windows XP (KB2423089) (Version: 1) Sicherheitsupdate für Windows XP (KB2440591) (Version: 1) Sicherheitsupdate für Windows XP (KB2443105) (Version: 1) Sicherheitsupdate für Windows XP (KB2476490) (Version: 1) Sicherheitsupdate für Windows XP (KB2476687) (Version: 1) Sicherheitsupdate für Windows XP (KB2478960) (Version: 1) Sicherheitsupdate für Windows XP (KB2478971) (Version: 1) Sicherheitsupdate für Windows XP (KB2479628) (Version: 1) Sicherheitsupdate für Windows XP (KB2479943) (Version: 1) Sicherheitsupdate für Windows XP (KB2481109) (Version: 1) Sicherheitsupdate für Windows XP (KB2482017) (Version: 1) Sicherheitsupdate für Windows XP (KB2483185) (Version: 1) Sicherheitsupdate für Windows XP (KB2485376) (Version: 1) Sicherheitsupdate für Windows XP (KB2485663) (Version: 1) Sicherheitsupdate für Windows XP (KB2497640) (Version: 1) Sicherheitsupdate für Windows XP (KB2503658) (Version: 1) Sicherheitsupdate für Windows XP (KB2503665) (Version: 1) Sicherheitsupdate für Windows XP (KB2506212) (Version: 1) Sicherheitsupdate für Windows XP (KB2506223) (Version: 1) Sicherheitsupdate für Windows XP (KB2507618) (Version: 1) Sicherheitsupdate für Windows XP (KB2507938) (Version: 1) Sicherheitsupdate für Windows XP (KB2508272) (Version: 1) Sicherheitsupdate für Windows XP (KB2508429) (Version: 1) Sicherheitsupdate für Windows XP (KB2509553) (Version: 1) Sicherheitsupdate für Windows XP (KB2510581) (Version: 1) Sicherheitsupdate für Windows XP (KB2511455) (Version: 1) Sicherheitsupdate für Windows XP (KB2524375) (Version: 1) Sicherheitsupdate für Windows XP (KB2530548) (Version: 1) Sicherheitsupdate für Windows XP (KB2535512) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2544521) (Version: 1) Sicherheitsupdate für Windows XP (KB2544893) (Version: 1) Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2555917) (Version: 1) Sicherheitsupdate für Windows XP (KB2559049) (Version: 1) Sicherheitsupdate für Windows XP (KB2562937) (Version: 1) Sicherheitsupdate für Windows XP (KB2566454) (Version: 1) Sicherheitsupdate für Windows XP (KB2567053) (Version: 1) Sicherheitsupdate für Windows XP (KB2567680) (Version: 1) Sicherheitsupdate für Windows XP (KB2570222) (Version: 1) Sicherheitsupdate für Windows XP (KB2570947) (Version: 1) Sicherheitsupdate für Windows XP (KB2584146) (Version: 1) Sicherheitsupdate für Windows XP (KB2585542) (Version: 1) Sicherheitsupdate für Windows XP (KB2586448) (Version: 1) Sicherheitsupdate für Windows XP (KB2592799) (Version: 1) Sicherheitsupdate für Windows XP (KB2598479) (Version: 1) Sicherheitsupdate für Windows XP (KB2603381) (Version: 1) Sicherheitsupdate für Windows XP (KB2618444) (Version: 1) Sicherheitsupdate für Windows XP (KB2618451) (Version: 1) Sicherheitsupdate für Windows XP (KB2619339) (Version: 1) Sicherheitsupdate für Windows XP (KB2620712) (Version: 1) Sicherheitsupdate für Windows XP (KB2621440) (Version: 1) Sicherheitsupdate für Windows XP (KB2624667) (Version: 1) Sicherheitsupdate für Windows XP (KB2631813) (Version: 1) Sicherheitsupdate für Windows XP (KB2633171) (Version: 1) Sicherheitsupdate für Windows XP (KB2639417) (Version: 1) Sicherheitsupdate für Windows XP (KB2641653) (Version: 1) Sicherheitsupdate für Windows XP (KB2646524) (Version: 1) Sicherheitsupdate für Windows XP (KB2647516) (Version: 1) Sicherheitsupdate für Windows XP (KB2647518) (Version: 1) Sicherheitsupdate für Windows XP (KB2653956) (Version: 1) Sicherheitsupdate für Windows XP (KB2655992) (Version: 1) Sicherheitsupdate für Windows XP (KB2659262) (Version: 1) Sicherheitsupdate für Windows XP (KB2660465) (Version: 1) Sicherheitsupdate für Windows XP (KB2661637) (Version: 1) Sicherheitsupdate für Windows XP (KB2675157) (Version: 1) Sicherheitsupdate für Windows XP (KB2676562) (Version: 1) Sicherheitsupdate für Windows XP (KB2685939) (Version: 1) Sicherheitsupdate für Windows XP (KB2686509) (Version: 1) Sicherheitsupdate für Windows XP (KB2691442) (Version: 1) Sicherheitsupdate für Windows XP (KB2695962) (Version: 1) Sicherheitsupdate für Windows XP (KB2698365) (Version: 1) Sicherheitsupdate für Windows XP (KB2699988) (Version: 1) Sicherheitsupdate für Windows XP (KB2705219) (Version: 1) Sicherheitsupdate für Windows XP (KB2707511) (Version: 1) Sicherheitsupdate für Windows XP (KB2709162) (Version: 1) Sicherheitsupdate für Windows XP (KB2712808) (Version: 1) Sicherheitsupdate für Windows XP (KB2718523) (Version: 1) Sicherheitsupdate für Windows XP (KB2719985) (Version: 1) Sicherheitsupdate für Windows XP (KB2722913) (Version: 1) Sicherheitsupdate für Windows XP (KB2723135) (Version: 1) Sicherheitsupdate für Windows XP (KB2724197) (Version: 1) Sicherheitsupdate für Windows XP (KB2727528) (Version: 1) Sicherheitsupdate für Windows XP (KB2731847) (Version: 1) Sicherheitsupdate für Windows XP (KB2744842) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2757638) (Version: 1) Sicherheitsupdate für Windows XP (KB2758857) (Version: 1) Sicherheitsupdate für Windows XP (KB2761226) (Version: 1) Sicherheitsupdate für Windows XP (KB2761465) (Version: 1) Sicherheitsupdate für Windows XP (KB2770660) (Version: 1) Sicherheitsupdate für Windows XP (KB2778344) (Version: 1) Sicherheitsupdate für Windows XP (KB2779030) (Version: 1) Sicherheitsupdate für Windows XP (KB2780091) (Version: 1) Sicherheitsupdate für Windows XP (KB2792100) (Version: 1) Sicherheitsupdate für Windows XP (KB2797052) (Version: 1) Sicherheitsupdate für Windows XP (KB2799329) (Version: 1) Sicherheitsupdate für Windows XP (KB2799494) (Version: 1) Sicherheitsupdate für Windows XP (KB2802968) (Version: 1) Sicherheitsupdate für Windows XP (KB2807986) (Version: 1) Sicherheitsupdate für Windows XP (KB2808735) (Version: 1) Sicherheitsupdate für Windows XP (KB2809289) (Version: 1) Sicherheitsupdate für Windows XP (KB2813170) (Version: 1) Sicherheitsupdate für Windows XP (KB2813345) (Version: 1) Sicherheitsupdate für Windows XP (KB2817183) (Version: 1) Sicherheitsupdate für Windows XP (KB2820917) (Version: 1) Sicherheitsupdate für Windows XP (KB923561) (Version: 1) Sicherheitsupdate für Windows XP (KB923789) Sicherheitsupdate für Windows XP (KB938464-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) (Version: 1) Sicherheitsupdate für Windows XP (KB950760) (Version: 1) Sicherheitsupdate für Windows XP (KB950762) (Version: 1) Sicherheitsupdate für Windows XP (KB950974) (Version: 1) Sicherheitsupdate für Windows XP (KB951066) (Version: 1) Sicherheitsupdate für Windows XP (KB951376-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB951748) (Version: 1) Sicherheitsupdate für Windows XP (KB952004) (Version: 1) Sicherheitsupdate für Windows XP (KB952954) (Version: 1) Sicherheitsupdate für Windows XP (KB954600) (Version: 1) Sicherheitsupdate für Windows XP (KB955069) (Version: 1) Sicherheitsupdate für Windows XP (KB956572) (Version: 1) Sicherheitsupdate für Windows XP (KB956744) (Version: 1) Sicherheitsupdate für Windows XP (KB956802) (Version: 1) Sicherheitsupdate für Windows XP (KB956803) (Version: 1) Sicherheitsupdate für Windows XP (KB956844) (Version: 1) Sicherheitsupdate für Windows XP (KB957097) (Version: 1) Sicherheitsupdate für Windows XP (KB958644) (Version: 1) Sicherheitsupdate für Windows XP (KB958687) (Version: 1) Sicherheitsupdate für Windows XP (KB958690) (Version: 1) Sicherheitsupdate für Windows XP (KB958869) (Version: 1) Sicherheitsupdate für Windows XP (KB959426) (Version: 1) Sicherheitsupdate für Windows XP (KB960225) (Version: 1) Sicherheitsupdate für Windows XP (KB960715) (Version: 1) Sicherheitsupdate für Windows XP (KB960803) (Version: 1) Sicherheitsupdate für Windows XP (KB960859) (Version: 1) Sicherheitsupdate für Windows XP (KB961371) (Version: 1) Sicherheitsupdate für Windows XP (KB961373) (Version: 1) Sicherheitsupdate für Windows XP (KB961501) (Version: 1) Sicherheitsupdate für Windows XP (KB963027) (Version: 1) Sicherheitsupdate für Windows XP (KB968537) (Version: 1) Sicherheitsupdate für Windows XP (KB969059) (Version: 1) Sicherheitsupdate für Windows XP (KB969897) (Version: 1) Sicherheitsupdate für Windows XP (KB969898) (Version: 1) Sicherheitsupdate für Windows XP (KB969947) (Version: 1) Sicherheitsupdate für Windows XP (KB970238) (Version: 1) Sicherheitsupdate für Windows XP (KB970430) (Version: 1) Sicherheitsupdate für Windows XP (KB971468) (Version: 1) Sicherheitsupdate für Windows XP (KB971486) (Version: 1) Sicherheitsupdate für Windows XP (KB971557) (Version: 1) Sicherheitsupdate für Windows XP (KB971633) (Version: 1) Sicherheitsupdate für Windows XP (KB971657) (Version: 1) Sicherheitsupdate für Windows XP (KB971961) (Version: 1) Sicherheitsupdate für Windows XP (KB972260) (Version: 1) Sicherheitsupdate für Windows XP (KB972270) (Version: 1) Sicherheitsupdate für Windows XP (KB973346) (Version: 1) Sicherheitsupdate für Windows XP (KB973354) (Version: 1) Sicherheitsupdate für Windows XP (KB973507) (Version: 1) Sicherheitsupdate für Windows XP (KB973525) (Version: 1) Sicherheitsupdate für Windows XP (KB973869) (Version: 1) Sicherheitsupdate für Windows XP (KB973904) (Version: 1) Sicherheitsupdate für Windows XP (KB974112) (Version: 1) Sicherheitsupdate für Windows XP (KB974318) (Version: 1) Sicherheitsupdate für Windows XP (KB974392) (Version: 1) Sicherheitsupdate für Windows XP (KB974455) (Version: 1) Sicherheitsupdate für Windows XP (KB974571) (Version: 1) Sicherheitsupdate für Windows XP (KB975025) (Version: 1) Sicherheitsupdate für Windows XP (KB975467) (Version: 1) Sicherheitsupdate für Windows XP (KB975560) (Version: 1) Sicherheitsupdate für Windows XP (KB975561) (Version: 1) Sicherheitsupdate für Windows XP (KB975562) (Version: 1) Sicherheitsupdate für Windows XP (KB975713) (Version: 1) Sicherheitsupdate für Windows XP (KB976325) (Version: 1) Sicherheitsupdate für Windows XP (KB977165) (Version: 1) Sicherheitsupdate für Windows XP (KB977816) (Version: 1) Sicherheitsupdate für Windows XP (KB977914) (Version: 1) Sicherheitsupdate für Windows XP (KB978037) (Version: 1) Sicherheitsupdate für Windows XP (KB978251) (Version: 1) Sicherheitsupdate für Windows XP (KB978262) (Version: 1) Sicherheitsupdate für Windows XP (KB978338) (Version: 1) Sicherheitsupdate für Windows XP (KB978542) (Version: 1) Sicherheitsupdate für Windows XP (KB978601) (Version: 1) Sicherheitsupdate für Windows XP (KB978706) (Version: 1) Sicherheitsupdate für Windows XP (KB979309) (Version: 1) Sicherheitsupdate für Windows XP (KB979482) (Version: 1) Sicherheitsupdate für Windows XP (KB979559) (Version: 1) Sicherheitsupdate für Windows XP (KB979683) (Version: 1) Sicherheitsupdate für Windows XP (KB979687) (Version: 1) Sicherheitsupdate für Windows XP (KB980195) (Version: 1) Sicherheitsupdate für Windows XP (KB980218) (Version: 1) Sicherheitsupdate für Windows XP (KB980232) (Version: 1) Sicherheitsupdate für Windows XP (KB980436) (Version: 1) Sicherheitsupdate für Windows XP (KB981322) (Version: 1) Sicherheitsupdate für Windows XP (KB981349) (Version: 1) Sicherheitsupdate für Windows XP (KB981997) (Version: 1) Sicherheitsupdate für Windows XP (KB982132) (Version: 1) Sicherheitsupdate für Windows XP (KB982214) (Version: 1) Sicherheitsupdate für Windows XP (KB982381) (Version: 1) Sicherheitsupdate für Windows XP (KB982665) (Version: 1) Skype™ 4.0 (Version: 4.0.226) SmartSound Quicktracks Plugin (Version: 3.0.0.26) Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0) sv.net (Version: 12.1) Ulead VideoStudio 8.0 (Version: 8.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update für Windows XP (KB2141007) (Version: 1) Update für Windows XP (KB2345886) (Version: 1) Update für Windows XP (KB2541763) (Version: 1) Update für Windows XP (KB2607712) (Version: 1) Update für Windows XP (KB2616676) (Version: 1) Update für Windows XP (KB2641690) (Version: 1) Update für Windows XP (KB2661254-v2) (Version: 2) Update für Windows XP (KB2718704) (Version: 1) Update für Windows XP (KB2736233) (Version: 1) Update für Windows XP (KB2749655) (Version: 1) Update für Windows XP (KB951978) (Version: 1) Update für Windows XP (KB955759) (Version: 1) Update für Windows XP (KB955839) (Version: 1) Update für Windows XP (KB967715) (Version: 1) Update für Windows XP (KB968389) (Version: 1) Update für Windows XP (KB971029) (Version: 1) Update für Windows XP (KB971737) (Version: 1) Update für Windows XP (KB973687) (Version: 1) Update für Windows XP (KB973815) (Version: 1) Update für Windows XP (KB976749) (Version: 1) Update für Windows XP (KB978207) (Version: 1) Update für Windows XP (KB980182) (Version: 1) WebFldrs XP (Version: 9.50.7523) Win-CASA 6 Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) (Version: 06/12/2006 6.81.0.21) Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0) Windows Imaging Component (Version: 3.0.0.0) Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.2980) Windows Media Format 11 runtime Windows XP Service Pack 3 (Version: 20080414.031514) YouTube Downloader 3.5 ==================== Restore Points ========================= 12-02-2013 09:16:08 Systemprüfpunkt 13-02-2013 17:00:46 Systemprüfpunkt 13-02-2013 23:32:11 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 13-02-2013 23:36:42 OpenOffice.org 3.1 wird entfernt 13-02-2013 23:39:23 OpenOffice.org 3.4.1 wird installiert 14-02-2013 00:28:34 Software Distribution Service 3.0 15-02-2013 07:36:23 Java 7 Update 9 wird entfernt 15-02-2013 07:37:00 Java 7 Update 13 wird installiert 17-02-2013 09:50:15 Systemprüfpunkt 18-02-2013 16:48:15 Systemprüfpunkt 20-02-2013 09:22:40 Systemprüfpunkt 20-02-2013 21:13:22 Java 7 Update 13 wird entfernt 20-02-2013 21:13:53 Java 7 Update 15 wird installiert 22-02-2013 09:05:00 Systemprüfpunkt 23-02-2013 19:54:48 Systemprüfpunkt 25-02-2013 16:04:57 Systemprüfpunkt 25-02-2013 23:29:13 Installiert Samsung New PC Studio 27-02-2013 09:40:41 Systemprüfpunkt 28-02-2013 09:55:26 Systemprüfpunkt 02-03-2013 07:42:04 Systemprüfpunkt 03-03-2013 08:37:46 Systemprüfpunkt 04-03-2013 09:35:40 Systemprüfpunkt 05-03-2013 10:33:32 Systemprüfpunkt 05-03-2013 22:19:21 Java 7 Update 15 wird entfernt 05-03-2013 22:19:53 Java 7 Update 17 wird installiert 07-03-2013 14:15:58 Systemprüfpunkt 07-03-2013 22:34:21 Java 7 Update 17 wird entfernt 07-03-2013 22:35:10 Java 7 Update 17 wird installiert 07-03-2013 22:45:36 JavaFX 2.1.1 wird entfernt 11-03-2013 14:17:14 Systemprüfpunkt 11-03-2013 22:26:05 Java 7 Update 17 wird entfernt 11-03-2013 22:36:21 Java(TM) 7 wird installiert 11-03-2013 22:39:53 Java(TM) 7 wird entfernt 13-03-2013 06:31:54 Systemprüfpunkt 13-03-2013 23:59:11 Software Distribution Service 3.0 14-03-2013 17:12:33 Software Distribution Service 3.0 14-03-2013 22:50:06 Java 7 Update 17 wird installiert 17-03-2013 16:35:15 Systemprüfpunkt 19-03-2013 09:01:36 Systemprüfpunkt 20-03-2013 09:40:26 Systemprüfpunkt 21-03-2013 16:09:37 Systemprüfpunkt 24-03-2013 07:45:05 Systemprüfpunkt 25-03-2013 14:38:59 Systemprüfpunkt 26-03-2013 16:12:27 Systemprüfpunkt 01-04-2013 11:05:13 Systemprüfpunkt 02-04-2013 15:21:55 Systemprüfpunkt 03-04-2013 23:07:03 Systemprüfpunkt 05-04-2013 06:58:38 Systemprüfpunkt 07-04-2013 15:54:49 Systemprüfpunkt 09-04-2013 06:51:43 Systemprüfpunkt 10-04-2013 08:52:52 Systemprüfpunkt 10-04-2013 22:29:50 Software Distribution Service 3.0 12-04-2013 15:55:09 Systemprüfpunkt 14-04-2013 08:05:34 Systemprüfpunkt 15-04-2013 21:53:24 Systemprüfpunkt 17-04-2013 08:16:12 Systemprüfpunkt 18-04-2013 12:43:23 Systemprüfpunkt 19-04-2013 15:53:41 Systemprüfpunkt 21-04-2013 08:26:07 Systemprüfpunkt 22-04-2013 12:15:21 Systemprüfpunkt 24-04-2013 08:33:53 Systemprüfpunkt 25-04-2013 17:57:35 Systemprüfpunkt 27-04-2013 15:12:38 Systemprüfpunkt 28-04-2013 16:51:07 Systemprüfpunkt 29-04-2013 17:07:16 Systemprüfpunkt 01-05-2013 09:06:21 Systemprüfpunkt 02-05-2013 16:10:24 Systemprüfpunkt 04-05-2013 16:06:12 Systemprüfpunkt 05-05-2013 17:24:29 Systemprüfpunkt 07-05-2013 09:12:05 Systemprüfpunkt 09-05-2013 09:54:40 Systemprüfpunkt 10-05-2013 18:33:50 Systemprüfpunkt 11-05-2013 22:52:47 Systemprüfpunkt ==================== Faulty Device Manager Devices ============= Name: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2) Description: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2) Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2013 00:29:00 AM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 32812 Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 32812 Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/15/2013 00:17:13 AM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37578 Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37578 Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/15/2013 00:11:28 AM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (05/15/2013 00:06:54 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 31891 System errors: ============= Error: (05/15/2013 00:51:06 AM) (Source: DCOM) (User: COMPUTERHANS) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD AmdK8 Fips i8042prt IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (05/15/2013 00:50:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (05/15/2013 00:49:11 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (05/15/2013 00:38:15 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Systemereignisbenachrichtigung" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= Error: (05/15/2013 00:29:00 AM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 32812 Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 32812 Error: (05/15/2013 00:18:20 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/15/2013 00:17:13 AM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37578 Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37578 Error: (05/15/2013 00:12:29 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/15/2013 00:11:28 AM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (05/15/2013 00:06:54 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 31891 ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 1918.42 MB Available physical RAM: 1667.48 MB Total Pagefile: 3815.59 MB Available Pagefile: 3753.38 MB Total Virtual: 2047.88 MB Available Virtual: 1976.48 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:137.04 GB) (Free:1.92 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:1.64 GB) NTFS Drive f: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: 2DAF2DAF) Partition 1: (Active) - (Size=137 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 6606B857) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
|
15.05.2013, 00:29
| #2 |
| /// Malware-holic   | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner hi,
__________________im abges. Modus noch folgenes: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
15.05.2013, 01:31
| #3 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hallo markusg,
__________________hier die otl.txt und extra.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.05.2013 02:17:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = f:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 84,65% Memory free 3,73 Gb Paging File | 3,64 Gb Available in Paging File | 97,82% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 137,04 Gb Total Space | 4,51 Gb Free Space | 3,29% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,95% Space Free | Partition Type: FAT32 Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- f:\OTL.exe PRC - [2008.04.14 04:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat -- (SENS) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.03.13 10:03:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server) SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller) SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT) DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX) DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions [2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions [2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com [2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com [2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin) O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro) O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe () O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG) O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe File not found O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ] O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell - "" = AutoRun O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1ba73a2b-60fb-11df-bb73-002264278107}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SENS - C:\DOKUME~1\ALLUSE~1\ANWEND~1\wi3232exe.dat File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST [2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13 [2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.04.16 08:46:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe [2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.15 02:05:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.15 02:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.15 02:01:23 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini [2013.05.15 01:58:59 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk [2013.05.15 01:58:56 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.05.15 00:38:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.05.14 00:43:14 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.05.12 18:03:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.12 01:06:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB [2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB [2013.05.12 01:06:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll [2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.16 08:46:19 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.12 01:01:40 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.ini [2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB [2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB [2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.04.16 08:46:19 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2013.04.16 08:46:19 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll [2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html [2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini [2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link [2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat [2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.12.31 15:27:24 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini [2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.05.20 14:19:12 | 000,110,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat [2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.04.27 12:04:28 | 000,451,928 | ---- | C] () -- C:\Programme\setup.exe [2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi [2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini ========== ZeroAccess Check ========== [2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.05.21 18:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\1&1 [2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems [2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer [2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular [2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ! [2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake [2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus [2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia [2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player [2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle [2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite [2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi [2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView [2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung [2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems [2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader [2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask [2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender [2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus [2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader [2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4 [2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa [2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking [2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq [2013.05.04 20:32:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads [2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4 [2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente [2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM [2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll [2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos [2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST [2009.05.20 05:44:14 | 000,000,000 | -H-D | M] -- C:\fslrdr [2009.05.20 05:44:42 | 000,000,000 | -H-D | M] -- C:\hp [2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser [2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386 [2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark [2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans [2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files [2013.05.07 10:36:34 | 000,000,000 | R--D | M] -- C:\Programme [2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK [2011.10.13 00:51:39 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2009.05.21 19:52:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage [2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs [2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.20 17:53:18 | 000,000,000 | -H-D | M] -- C:\system.sav [2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp [2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13 [2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09 [2013.05.15 00:53:20 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe [2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe [2009.04.27 12:04:28 | 000,451,928 | ---- | M] () -- C:\Programme\setup.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: AHCIX86.SYS > [2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys [2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVGTS.SYS > [2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys [2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.05.15 02:02:05 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2013.05.15 02:15:34 | 000,196,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2013.05.15 01:57:53 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.05.2013 02:17:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = f:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 84,65% Memory free
3,73 Gb Paging File | 3,64 Gb Available in Paging File | 97,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 4,51 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,71 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.05.2013 18:12:29 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37578
Error - 14.05.2013 18:17:13 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32812
Error - 14.05.2013 18:18:20 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32812
Error - 14.05.2013 18:29:00 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 14.05.2013 19:59:05 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15797
Error - 14.05.2013 20:00:04 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15797
[ System Events ]
Error - 14.05.2013 20:01:25 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemereignisbenachrichtigung" wurde mit folgendem Fehler
beendet: %%126
Error - 14.05.2013 20:05:51 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 14.05.2013 20:06:57 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AmdK8 Fips i8042prt IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
Error - 14.05.2013 20:15:27 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
|
15.05.2013, 13:52
| #4 |
| /// Malware-holic | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat
()
:files
:Commands
[emptytemp]
falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 Frage, ist das n Firem PC?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.05.2013, 22:00
| #5 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner `n Abend Markus, hier die Datei aus dem OTL-Fix: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skype.dat moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 444357518 bytes ->Temporary Internet Files folder emptied: 206361694 bytes ->Java cache emptied: 8004841 bytes ->FireFox cache emptied: 420304006 bytes ->Flash cache emptied: 175846 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 65716 bytes ->Temporary Internet Files folder emptied: 353254 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 144068 bytes %systemroot%\System32 .tmp files removed: 5537543 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 144534677 bytes RecycleBin emptied: 136506422 bytes Total Files Cleaned = 1.303,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05152013_224746 Viele Grüsse Hans Hi Markus, der upload hat geklappt. Mein PC ist ein privater, auf dem ich als selbstständiger Handwerker auch einige Firmendaten habe. Hans |
|
15.05.2013, 22:48
| #6 |
| /// Malware-holic | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner ok, da ich was von ihk gesehen hab als Programm. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner |
|
16.05.2013, 22:54
| #7 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hallo Markusg, sorry, dass ich gestern weg war. Der Trojaner war verschwunden, meine Internetverbindung leider auch. Jetzt bin ich wieder online. Ich poste Dir noch die Killer-Datei. Ich nehme an, das ist um zu schauen, ob der Rechner sauber ist ? Auf jeden Fall bin ich unendlich dankbar für die Hilfe. Wie kann ich mich erkenntlich zeigen? Flasche Rotwein an Dich, Spende an das Board oder beides ? 00:03:36.0296 1628 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 00:03:36.0328 1628 ============================================================ 00:03:36.0328 1628 Current date / time: 2013/05/16 00:03:36.0328 00:03:36.0328 1628 SystemInfo: 00:03:36.0328 1628 00:03:36.0328 1628 OS Version: 5.1.2600 ServicePack: 3.0 00:03:36.0328 1628 Product type: Workstation 00:03:36.0328 1628 ComputerName: COMPUTERHANS 00:03:36.0328 1628 UserName: Administrator 00:03:36.0328 1628 Windows directory: C:\WINDOWS 00:03:36.0328 1628 System windows directory: C:\WINDOWS 00:03:36.0328 1628 Processor architecture: Intel x86 00:03:36.0328 1628 Number of processors: 2 00:03:36.0328 1628 Page size: 0x1000 00:03:36.0328 1628 Boot type: Safe boot 00:03:36.0328 1628 ============================================================ 00:03:38.0703 1628 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 00:03:38.0703 1628 Drive \Device\Harddisk1\DR3 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 00:03:38.0703 1628 ============================================================ 00:03:38.0703 1628 \Device\Harddisk0\DR0: 00:03:38.0703 1628 MBR partitions: 00:03:38.0703 1628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11212C62 00:03:38.0703 1628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11212CA1, BlocksNum 0x1801F5F 00:03:38.0703 1628 \Device\Harddisk1\DR3: 00:03:38.0718 1628 MBR partitions: 00:03:38.0718 1628 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x368, BlocksNum 0x770C98 00:03:38.0718 1628 ============================================================ 00:03:38.0781 1628 C: <-> \Device\Harddisk0\DR0\Partition1 00:03:38.0828 1628 D: <-> \Device\Harddisk0\DR0\Partition2 00:03:38.0859 1628 ============================================================ 00:03:38.0859 1628 Initialize success 00:03:38.0859 1628 ============================================================ 00:04:32.0375 1652 ============================================================ 00:04:32.0375 1652 Scan started 00:04:32.0375 1652 Mode: Manual; SigCheck; TDLFS; 00:04:32.0375 1652 ============================================================ 00:04:33.0328 1652 ================ Scan system memory ======================== 00:04:33.0328 1652 System memory - ok 00:04:33.0328 1652 ================ Scan services ============================= 00:04:33.0640 1652 Abiosdsk - ok 00:04:33.0640 1652 abp480n5 - ok 00:04:33.0687 1652 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys 00:04:35.0906 1652 ac97intc - ok 00:04:35.0984 1652 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 00:04:36.0109 1652 ACPI - ok 00:04:36.0156 1652 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 00:04:36.0250 1652 ACPIEC - ok 00:04:36.0390 1652 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:04:36.0437 1652 AdobeFlashPlayerUpdateSvc - ok 00:04:36.0453 1652 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys 00:04:36.0562 1652 adpu160m - ok 00:04:36.0578 1652 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys 00:04:36.0609 1652 adpu320 ( UnsignedFile.Multi.Generic ) - warning 00:04:36.0609 1652 adpu320 - detected UnsignedFile.Multi.Generic (1) 00:04:36.0625 1652 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 00:04:36.0750 1652 aec - ok 00:04:36.0812 1652 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 00:04:36.0875 1652 AFD - ok 00:04:36.0890 1652 Aha154x - ok 00:04:36.0921 1652 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys 00:04:37.0046 1652 aic78u2 - ok 00:04:37.0062 1652 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys 00:04:37.0156 1652 aic78xx - ok 00:04:37.0203 1652 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 00:04:37.0328 1652 Alerter - ok 00:04:37.0343 1652 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 00:04:37.0437 1652 ALG - ok 00:04:37.0437 1652 AliIde - ok 00:04:37.0531 1652 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 00:04:37.0578 1652 AmdK8 - ok 00:04:37.0625 1652 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 00:04:37.0656 1652 AmdLLD - ok 00:04:37.0656 1652 amsint - ok 00:04:37.0859 1652 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:37.0875 1652 Apple Mobile Device - ok 00:04:37.0937 1652 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 00:04:38.0062 1652 AppMgmt - ok 00:04:38.0125 1652 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 00:04:38.0218 1652 Arp1394 - ok 00:04:38.0218 1652 asc - ok 00:04:38.0234 1652 asc3350p - ok 00:04:38.0234 1652 asc3550 - ok 00:04:38.0406 1652 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 00:04:38.0421 1652 aspnet_state - ok 00:04:38.0437 1652 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 00:04:38.0500 1652 AsyncMac - ok 00:04:38.0546 1652 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 00:04:38.0640 1652 atapi - ok 00:04:38.0640 1652 Atdisk - ok 00:04:38.0687 1652 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 00:04:38.0796 1652 Atmarpc - ok 00:04:38.0843 1652 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 00:04:38.0937 1652 AudioSrv - ok 00:04:39.0000 1652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 00:04:39.0093 1652 audstub - ok 00:04:39.0328 1652 [ 4ED37A7F41891769AEB88C2408B3016F ] AVKProxy C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe 00:04:39.0562 1652 AVKProxy - ok 00:04:39.0734 1652 [ 909270C00354439BCC649A92C25D8B3F ] AVKService C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe 00:04:39.0812 1652 AVKService - ok 00:04:39.0984 1652 [ 690468933B8D00B66EF5DB73150F96EA ] AVKWCtl C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe 00:04:40.0640 1652 AVKWCtl - ok 00:04:40.0703 1652 [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject C:\WINDOWS\system32\drivers\avmeject.sys 00:04:40.0734 1652 avmeject ( UnsignedFile.Multi.Generic ) - warning 00:04:40.0734 1652 avmeject - detected UnsignedFile.Multi.Generic (1) 00:04:40.0796 1652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 00:04:40.0906 1652 Beep - ok 00:04:40.0953 1652 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 00:04:41.0109 1652 BITS - ok 00:04:41.0234 1652 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 00:04:41.0312 1652 Bonjour Service - ok 00:04:41.0359 1652 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 00:04:41.0390 1652 Browser - ok 00:04:41.0421 1652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 00:04:41.0546 1652 cbidf2k - ok 00:04:41.0656 1652 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe 00:04:41.0671 1652 CCALib8 ( UnsignedFile.Multi.Generic ) - warning 00:04:41.0671 1652 CCALib8 - detected UnsignedFile.Multi.Generic (1) 00:04:41.0703 1652 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 00:04:41.0796 1652 CCDECODE - ok 00:04:41.0796 1652 cd20xrnt - ok 00:04:41.0843 1652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 00:04:41.0953 1652 Cdaudio - ok 00:04:41.0968 1652 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 00:04:42.0062 1652 Cdfs - ok 00:04:42.0125 1652 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 00:04:42.0218 1652 Cdrom - ok 00:04:42.0218 1652 Changer - ok 00:04:42.0265 1652 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 00:04:42.0343 1652 CiSvc - ok 00:04:42.0375 1652 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 00:04:42.0484 1652 ClipSrv - ok 00:04:42.0515 1652 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:04:42.0531 1652 clr_optimization_v2.0.50727_32 - ok 00:04:42.0531 1652 CmdIde - ok 00:04:42.0546 1652 COMSysApp - ok 00:04:42.0562 1652 Cpqarray - ok 00:04:42.0734 1652 cpuz132 - ok 00:04:42.0765 1652 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 00:04:42.0859 1652 CryptSvc - ok 00:04:42.0859 1652 dac2w2k - ok 00:04:42.0875 1652 dac960nt - ok 00:04:42.0953 1652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 00:04:43.0109 1652 DcomLaunch - ok 00:04:43.0171 1652 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 00:04:43.0265 1652 Dhcp - ok 00:04:43.0296 1652 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 00:04:43.0375 1652 Disk - ok 00:04:43.0375 1652 dmadmin - ok 00:04:43.0515 1652 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 00:04:43.0781 1652 dmboot - ok 00:04:43.0796 1652 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 00:04:43.0921 1652 dmio - ok 00:04:43.0953 1652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 00:04:44.0078 1652 dmload - ok 00:04:44.0125 1652 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 00:04:44.0203 1652 dmserver - ok 00:04:44.0218 1652 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 00:04:44.0312 1652 DMusic - ok 00:04:44.0375 1652 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 00:04:44.0468 1652 Dnscache - ok 00:04:44.0546 1652 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 00:04:44.0640 1652 Dot3svc - ok 00:04:44.0656 1652 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys 00:04:44.0781 1652 dpti2o - ok 00:04:44.0843 1652 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 00:04:44.0906 1652 drmkaud - ok 00:04:44.0968 1652 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys 00:04:45.0109 1652 E100B - ok 00:04:45.0156 1652 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 00:04:45.0250 1652 EapHost - ok 00:04:45.0281 1652 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 00:04:45.0359 1652 ERSvc - ok 00:04:45.0437 1652 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 00:04:45.0484 1652 Eventlog - ok 00:04:45.0562 1652 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 00:04:45.0625 1652 EventSystem - ok 00:04:45.0656 1652 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 00:04:45.0796 1652 Fastfat - ok 00:04:45.0843 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 00:04:45.0906 1652 FastUserSwitchingCompatibility - ok 00:04:45.0921 1652 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 00:04:46.0000 1652 Fdc - ok 00:04:46.0046 1652 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 00:04:46.0125 1652 Fips - ok 00:04:46.0171 1652 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 00:04:46.0265 1652 Flpydisk - ok 00:04:46.0343 1652 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 00:04:46.0437 1652 FltMgr - ok 00:04:46.0500 1652 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 00:04:46.0515 1652 FontCache3.0.0.0 - ok 00:04:46.0593 1652 [ 037B3AB349BE884BB8CB9C5356E34717 ] FSLX C:\WINDOWS\system32\drivers\fslx.sys 00:04:46.0625 1652 FSLX ( UnsignedFile.Multi.Generic ) - warning 00:04:46.0625 1652 FSLX - detected UnsignedFile.Multi.Generic (1) 00:04:46.0703 1652 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS 00:04:46.0718 1652 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 00:04:46.0718 1652 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 00:04:46.0812 1652 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe 00:04:46.0843 1652 FsUsbExService - ok 00:04:46.0890 1652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 00:04:46.0968 1652 Fs_Rec - ok 00:04:47.0000 1652 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 00:04:47.0109 1652 Ftdisk - ok 00:04:47.0171 1652 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 00:04:47.0265 1652 FWLANUSB - ok 00:04:47.0328 1652 [ 9A58148406E1BB4A2265B84320DEDC2B ] GDMnIcpt C:\WINDOWS\system32\drivers\MiniIcpt.sys 00:04:47.0375 1652 GDMnIcpt - ok 00:04:47.0453 1652 [ E6D8269EE03119FA4C54B7B59D9699BF ] GDTdiInterceptor C:\WINDOWS\system32\drivers\GDTdiIcpt.sys 00:04:47.0484 1652 GDTdiInterceptor - ok 00:04:47.0531 1652 [ 185ADA973B5020655CEE342059A86CBB ] GearAspiWDM C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 00:04:47.0531 1652 GearAspiWDM - ok 00:04:47.0578 1652 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 00:04:47.0687 1652 Gpc - ok 00:04:47.0765 1652 [ AAEA50A15F0E0B0E92848DBFDC072ECE ] GRD C:\WINDOWS\system32\drivers\GRD.sys 00:04:47.0796 1652 GRD - ok 00:04:47.0937 1652 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 00:04:47.0968 1652 gupdate - ok 00:04:47.0984 1652 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 00:04:48.0000 1652 gupdatem - ok 00:04:48.0046 1652 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 00:04:48.0140 1652 HDAudBus - ok 00:04:48.0234 1652 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 00:04:48.0328 1652 helpsvc - ok 00:04:48.0328 1652 HidServ - ok 00:04:48.0375 1652 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 00:04:48.0468 1652 HidUsb - ok 00:04:48.0531 1652 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 00:04:48.0609 1652 hkmsvc - ok 00:04:48.0640 1652 [ 33EF584AA0B583D2F106D62FD3A5A053 ] HookCentre C:\WINDOWS\system32\drivers\HookCentre.sys 00:04:48.0671 1652 HookCentre - ok 00:04:48.0671 1652 hpn - ok 00:04:48.0750 1652 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 00:04:48.0859 1652 HTTP - ok 00:04:48.0937 1652 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 00:04:49.0031 1652 HTTPFilter - ok 00:04:49.0031 1652 i2omgmt - ok 00:04:49.0046 1652 i2omp - ok 00:04:49.0078 1652 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 00:04:49.0171 1652 i8042prt - ok 00:04:49.0218 1652 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys 00:04:49.0328 1652 i81x - ok 00:04:49.0359 1652 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys 00:04:49.0453 1652 iAimFP0 - ok 00:04:49.0484 1652 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys 00:04:49.0546 1652 iAimFP1 - ok 00:04:49.0562 1652 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys 00:04:49.0640 1652 iAimFP2 - ok 00:04:49.0671 1652 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys 00:04:49.0750 1652 iAimFP3 - ok 00:04:49.0765 1652 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys 00:04:49.0828 1652 iAimFP4 - ok 00:04:49.0828 1652 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys 00:04:49.0890 1652 iAimFP5 - ok 00:04:49.0921 1652 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys 00:04:50.0000 1652 iAimFP6 - ok 00:04:50.0000 1652 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys 00:04:50.0093 1652 iAimFP7 - ok 00:04:50.0125 1652 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys 00:04:50.0218 1652 iAimTV0 - ok 00:04:50.0218 1652 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys 00:04:50.0296 1652 iAimTV1 - ok 00:04:50.0328 1652 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys 00:04:50.0390 1652 iAimTV3 - ok 00:04:50.0406 1652 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys 00:04:50.0468 1652 iAimTV4 - ok 00:04:50.0484 1652 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys 00:04:50.0578 1652 iAimTV5 - ok 00:04:50.0578 1652 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys 00:04:50.0656 1652 iAimTV6 - ok 00:04:50.0750 1652 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe 00:04:50.0796 1652 IDriverT ( UnsignedFile.Multi.Generic ) - warning 00:04:50.0796 1652 IDriverT - detected UnsignedFile.Multi.Generic (1) 00:04:50.0953 1652 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:04:51.0156 1652 idsvc - ok 00:04:51.0265 1652 [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL C:\Programme\FRITZ!DSL\IGDCTRL.EXE 00:04:51.0281 1652 IGDCTRL - ok 00:04:51.0296 1652 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 00:04:51.0390 1652 Imapi - ok 00:04:51.0453 1652 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 00:04:51.0562 1652 ImapiService - ok 00:04:51.0562 1652 ini910u - ok 00:04:52.0218 1652 [ E5C925B50154D102734AB446ADE781F4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 00:04:53.0359 1652 IntcAzAudAddService - ok 00:04:53.0390 1652 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 00:04:53.0484 1652 IntelIde - ok 00:04:53.0531 1652 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 00:04:53.0640 1652 Ip6Fw - ok 00:04:53.0687 1652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 00:04:53.0812 1652 IpFilterDriver - ok 00:04:53.0828 1652 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 00:04:53.0937 1652 IpInIp - ok 00:04:53.0984 1652 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 00:04:54.0109 1652 IpNat - ok 00:04:54.0234 1652 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 00:04:54.0343 1652 iPod Service - ok 00:04:54.0375 1652 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 00:04:54.0468 1652 IPSec - ok 00:04:54.0515 1652 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 00:04:54.0609 1652 IRENUM - ok 00:04:54.0640 1652 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 00:04:54.0718 1652 isapnp - ok 00:04:54.0859 1652 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 00:04:54.0890 1652 JavaQuickStarterService - ok 00:04:54.0937 1652 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 00:04:55.0015 1652 Kbdclass - ok 00:04:55.0031 1652 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 00:04:55.0093 1652 kbdhid - ok 00:04:55.0156 1652 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 00:04:55.0250 1652 kmixer - ok 00:04:55.0312 1652 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 00:04:55.0390 1652 KSecDD - ok 00:04:55.0437 1652 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 00:04:55.0468 1652 lanmanserver - ok 00:04:55.0546 1652 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 00:04:55.0593 1652 lanmanworkstation - ok 00:04:55.0609 1652 lbrtfdc - ok 00:04:55.0796 1652 [ 6BEEBED6ADF0FFE4CADF78AB5FCD017C ] LiveUpdateInstaller C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe 00:04:55.0921 1652 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - warning 00:04:55.0921 1652 LiveUpdateInstaller - detected UnsignedFile.Multi.Generic (1) 00:04:55.0984 1652 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 00:04:56.0062 1652 LmHosts - ok 00:04:56.0109 1652 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 00:04:56.0187 1652 Messenger - ok 00:04:56.0218 1652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 00:04:56.0328 1652 mnmdd - ok 00:04:56.0375 1652 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 00:04:56.0437 1652 mnmsrvc - ok 00:04:56.0468 1652 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 00:04:56.0578 1652 Modem - ok 00:04:56.0593 1652 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 00:04:56.0671 1652 Mouclass - ok 00:04:56.0718 1652 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 00:04:56.0812 1652 mouhid - ok 00:04:56.0859 1652 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 00:04:56.0937 1652 MountMgr - ok 00:04:57.0015 1652 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 00:04:57.0046 1652 MozillaMaintenance - ok 00:04:57.0046 1652 mraid35x - ok 00:04:57.0078 1652 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 00:04:57.0171 1652 MRxDAV - ok 00:04:57.0265 1652 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 00:04:57.0390 1652 MRxSmb - ok 00:04:57.0437 1652 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 00:04:57.0546 1652 MSDTC - ok 00:04:57.0578 1652 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 00:04:57.0656 1652 Msfs - ok 00:04:57.0656 1652 MSIServer - ok 00:04:57.0687 1652 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 00:04:57.0781 1652 MSKSSRV - ok 00:04:57.0812 1652 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 00:04:57.0921 1652 MSPCLOCK - ok 00:04:57.0953 1652 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 00:04:58.0015 1652 MSPQM - ok 00:04:58.0062 1652 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 00:04:58.0140 1652 mssmbios - ok 00:04:58.0203 1652 MSSQLSERVER - ok 00:04:58.0250 1652 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe 00:04:58.0281 1652 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning 00:04:58.0281 1652 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1) 00:04:58.0328 1652 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 00:04:58.0406 1652 MSTEE - ok 00:04:58.0453 1652 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 00:04:58.0531 1652 Mup - ok 00:04:58.0562 1652 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 00:04:58.0671 1652 NABTSFEC - ok 00:04:58.0750 1652 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 00:04:58.0859 1652 napagent - ok 00:04:58.0937 1652 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 00:04:59.0000 1652 NDIS - ok 00:04:59.0046 1652 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 00:04:59.0156 1652 NdisIP - ok 00:04:59.0218 1652 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 00:04:59.0234 1652 NdisTapi - ok 00:04:59.0281 1652 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 00:04:59.0375 1652 Ndisuio - ok 00:04:59.0390 1652 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 00:04:59.0421 1652 NdisWan - ok 00:04:59.0484 1652 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 00:04:59.0546 1652 NDProxy - ok 00:04:59.0562 1652 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 00:04:59.0656 1652 NetBIOS - ok 00:04:59.0734 1652 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 00:04:59.0828 1652 NetBT - ok 00:04:59.0906 1652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 00:05:00.0015 1652 NetDDE - ok 00:05:00.0031 1652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 00:05:00.0093 1652 NetDDEdsdm - ok 00:05:00.0140 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 00:05:00.0234 1652 Netlogon - ok 00:05:00.0312 1652 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 00:05:00.0406 1652 Netman - ok 00:05:00.0468 1652 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:05:00.0484 1652 NetTcpPortSharing - ok 00:05:00.0515 1652 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 00:05:00.0609 1652 NIC1394 - ok 00:05:00.0687 1652 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 00:05:00.0781 1652 Nla - ok 00:05:00.0859 1652 [ 5ABB6B2461C4EB0AFDF1BF7F03963D59 ] Nokia USB Generic C:\WINDOWS\system32\drivers\nmwcdc.sys 00:05:00.0984 1652 Nokia USB Generic - ok 00:05:01.0062 1652 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Modem C:\WINDOWS\system32\drivers\nmwcdcm.sys 00:05:01.0093 1652 Nokia USB Modem - ok 00:05:01.0156 1652 [ F5B1200C75B160C81E7E48CC0489AA5E ] Nokia USB Phone Parent C:\WINDOWS\system32\drivers\nmwcd.sys 00:05:01.0203 1652 Nokia USB Phone Parent - ok 00:05:01.0250 1652 [ 353C16D21EEC1F11306270040B3713C1 ] Nokia USB Port C:\WINDOWS\system32\drivers\nmwcdcj.sys 00:05:01.0265 1652 Nokia USB Port - ok 00:05:01.0296 1652 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 00:05:01.0375 1652 Npfs - ok 00:05:01.0484 1652 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 00:05:01.0703 1652 Ntfs - ok 00:05:01.0718 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 00:05:01.0796 1652 NtLmSsp - ok 00:05:01.0890 1652 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 00:05:02.0062 1652 NtmsSvc - ok 00:05:02.0109 1652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 00:05:02.0218 1652 Null - ok 00:05:03.0078 1652 [ CCE4877E45F5300FFFBB4A6BC5E7FDA7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 00:05:04.0671 1652 nv - ok 00:05:04.0703 1652 [ 1492C7738F68625805F5F53C8BAD24C6 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 00:05:04.0765 1652 NVENETFD - ok 00:05:04.0812 1652 [ AE73E61F07DDC84255BECE6B02F18390 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 00:05:04.0859 1652 nvnetbus - ok 00:05:04.0906 1652 [ 4E281506A2ECD3B341D06598DBA97005 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 00:05:04.0937 1652 NVSvc - ok 00:05:04.0968 1652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 00:05:05.0078 1652 NwlnkFlt - ok 00:05:05.0093 1652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 00:05:05.0187 1652 NwlnkFwd - ok 00:05:05.0250 1652 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 00:05:05.0343 1652 ohci1394 - ok 00:05:05.0359 1652 [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys 00:05:05.0453 1652 P3 - ok 00:05:05.0484 1652 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 00:05:05.0593 1652 Parport - ok 00:05:05.0656 1652 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 00:05:05.0750 1652 PartMgr - ok 00:05:05.0781 1652 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 00:05:05.0906 1652 ParVdm - ok 00:05:06.0000 1652 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe 00:05:06.0062 1652 PCA ( UnsignedFile.Multi.Generic ) - warning 00:05:06.0062 1652 PCA - detected UnsignedFile.Multi.Generic (1) 00:05:06.0109 1652 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 00:05:06.0203 1652 PCI - ok 00:05:06.0203 1652 PCIDump - ok 00:05:06.0218 1652 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 00:05:06.0312 1652 PCIIde - ok 00:05:06.0359 1652 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 00:05:06.0437 1652 Pcmcia - ok 00:05:06.0437 1652 PDCOMP - ok 00:05:06.0484 1652 pdfcDispatcher - ok 00:05:06.0484 1652 PDFRAME - ok 00:05:06.0484 1652 PDRELI - ok 00:05:06.0500 1652 PDRFRAME - ok 00:05:06.0500 1652 perc2 - ok 00:05:06.0515 1652 perc2hib - ok 00:05:06.0546 1652 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 00:05:06.0578 1652 PlugPlay - ok 00:05:06.0593 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 00:05:06.0671 1652 PolicyAgent - ok 00:05:06.0734 1652 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 00:05:06.0859 1652 PptpMiniport - ok 00:05:06.0875 1652 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 00:05:06.0968 1652 Processor - ok 00:05:06.0968 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 00:05:07.0046 1652 ProtectedStorage - ok 00:05:07.0062 1652 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 00:05:07.0140 1652 PSched - ok 00:05:07.0203 1652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 00:05:07.0312 1652 Ptilink - ok 00:05:07.0359 1652 [ B572ED0C3E6165643FA116AF20425A54 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 00:05:07.0375 1652 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 00:05:07.0375 1652 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 00:05:07.0375 1652 ql1080 - ok 00:05:07.0390 1652 Ql10wnt - ok 00:05:07.0390 1652 ql12160 - ok 00:05:07.0406 1652 ql1240 - ok 00:05:07.0406 1652 ql1280 - ok 00:05:07.0421 1652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 00:05:07.0515 1652 RasAcd - ok 00:05:07.0578 1652 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 00:05:07.0656 1652 RasAuto - ok 00:05:07.0687 1652 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 00:05:07.0781 1652 Rasl2tp - ok 00:05:07.0828 1652 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 00:05:07.0937 1652 RasMan - ok 00:05:07.0953 1652 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 00:05:08.0031 1652 RasPppoe - ok 00:05:08.0046 1652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 00:05:08.0140 1652 Raspti - ok 00:05:08.0171 1652 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 00:05:08.0265 1652 Rdbss - ok 00:05:08.0265 1652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 00:05:08.0375 1652 RDPCDD - ok 00:05:08.0406 1652 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 00:05:08.0515 1652 rdpdr - ok 00:05:08.0562 1652 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 00:05:08.0625 1652 RDPWD - ok 00:05:08.0687 1652 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 00:05:08.0812 1652 RDSessMgr - ok 00:05:08.0859 1652 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 00:05:08.0937 1652 redbook - ok 00:05:08.0984 1652 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 00:05:09.0078 1652 RemoteAccess - ok 00:05:09.0140 1652 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 00:05:09.0234 1652 RemoteRegistry - ok 00:05:09.0281 1652 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 00:05:09.0375 1652 RpcLocator - ok 00:05:09.0437 1652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 00:05:09.0500 1652 RpcSs - ok 00:05:09.0531 1652 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 00:05:09.0671 1652 RSVP - ok 00:05:09.0734 1652 [ 180A0296BF259C1AEEB8DC100CC87A31 ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys 00:05:09.0796 1652 RTL8187B ( UnsignedFile.Multi.Generic ) - warning 00:05:09.0796 1652 RTL8187B - detected UnsignedFile.Multi.Generic (1) 00:05:09.0812 1652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 00:05:09.0875 1652 SamSs - ok 00:05:10.0031 1652 [ 66EB70B8F5F53C11C98B14637B2F6E84 ] Samsung Network Fax Server C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe 00:05:10.0062 1652 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning 00:05:10.0062 1652 Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1) 00:05:10.0109 1652 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 00:05:10.0187 1652 SCardSvr - ok 00:05:10.0265 1652 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 00:05:10.0359 1652 Schedule - ok 00:05:10.0406 1652 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 00:05:10.0484 1652 Secdrv - ok 00:05:10.0515 1652 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 00:05:10.0609 1652 seclogon - ok 00:05:10.0640 1652 SENS - ok 00:05:10.0671 1652 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 00:05:10.0781 1652 serenum - ok 00:05:10.0812 1652 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 00:05:10.0937 1652 Serial - ok 00:05:11.0031 1652 [ 4C0A4FEFD62519552C0E5171F418C4BC ] ServiceLayer C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe 00:05:11.0062 1652 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 00:05:11.0062 1652 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 00:05:11.0109 1652 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 00:05:11.0203 1652 Sfloppy - ok 00:05:11.0296 1652 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 00:05:11.0437 1652 SharedAccess - ok 00:05:11.0468 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 00:05:11.0500 1652 ShellHWDetection - ok 00:05:11.0500 1652 Simbad - ok 00:05:11.0515 1652 SjyPkt - ok 00:05:11.0546 1652 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 00:05:11.0640 1652 SLIP - ok 00:05:11.0656 1652 Sparrow - ok 00:05:11.0671 1652 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 00:05:11.0750 1652 splitter - ok 00:05:11.0812 1652 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 00:05:11.0890 1652 Spooler - ok 00:05:11.0890 1652 SQLSERVERAGENT - ok 00:05:11.0968 1652 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 00:05:12.0062 1652 sr - ok 00:05:12.0140 1652 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 00:05:12.0234 1652 srservice - ok 00:05:12.0296 1652 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 00:05:12.0468 1652 Srv - ok 00:05:12.0515 1652 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 00:05:12.0593 1652 SSDPSRV - ok 00:05:12.0687 1652 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\WINDOWS\system32\Drivers\SSPORT.sys 00:05:12.0703 1652 SSPORT ( UnsignedFile.Multi.Generic ) - warning 00:05:12.0703 1652 SSPORT - detected UnsignedFile.Multi.Generic (1) 00:05:12.0796 1652 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 00:05:12.0968 1652 stisvc - ok 00:05:12.0984 1652 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 00:05:13.0062 1652 streamip - ok 00:05:13.0109 1652 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 00:05:13.0187 1652 swenum - ok 00:05:13.0218 1652 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 00:05:13.0296 1652 swmidi - ok 00:05:13.0312 1652 SwPrv - ok 00:05:13.0359 1652 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys 00:05:13.0453 1652 symc810 - ok 00:05:13.0468 1652 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys 00:05:13.0593 1652 symc8xx - ok 00:05:13.0640 1652 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys 00:05:13.0640 1652 Symmpi ( UnsignedFile.Multi.Generic ) - warning 00:05:13.0640 1652 Symmpi - detected UnsignedFile.Multi.Generic (1) 00:05:13.0656 1652 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys 00:05:13.0781 1652 sym_hi - ok 00:05:13.0796 1652 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys 00:05:13.0890 1652 sym_u3 - ok 00:05:13.0921 1652 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 00:05:14.0000 1652 sysaudio - ok 00:05:14.0046 1652 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 00:05:14.0156 1652 SysmonLog - ok 00:05:14.0218 1652 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 00:05:14.0328 1652 TapiSrv - ok 00:05:14.0406 1652 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 00:05:14.0500 1652 Tcpip - ok 00:05:14.0531 1652 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 00:05:14.0593 1652 TDPIPE - ok 00:05:14.0625 1652 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 00:05:14.0718 1652 TDTCP - ok 00:05:14.0734 1652 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 00:05:14.0890 1652 TermDD - ok 00:05:14.0984 1652 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 00:05:15.0093 1652 TermService - ok 00:05:15.0125 1652 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 00:05:15.0140 1652 Themes - ok 00:05:15.0187 1652 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 00:05:15.0296 1652 TlntSvr - ok 00:05:15.0312 1652 TosIde - ok 00:05:15.0375 1652 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 00:05:15.0468 1652 TrkWks - ok 00:05:15.0500 1652 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 00:05:15.0609 1652 Udfs - ok 00:05:15.0671 1652 [ CA90D2C55EB3BB90687677BEA3DB0B59 ] UleadBurningHelper C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe 00:05:15.0687 1652 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning 00:05:15.0687 1652 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1) 00:05:15.0687 1652 ultra - ok 00:05:15.0796 1652 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 00:05:15.0906 1652 upnphost - ok 00:05:15.0953 1652 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 00:05:16.0062 1652 UPS - ok 00:05:16.0109 1652 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 00:05:16.0156 1652 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 00:05:16.0156 1652 USBAAPL - detected UnsignedFile.Multi.Generic (1) 00:05:16.0218 1652 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 00:05:16.0296 1652 usbccgp - ok 00:05:16.0343 1652 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 00:05:16.0421 1652 usbehci - ok 00:05:16.0468 1652 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 00:05:16.0546 1652 usbhub - ok 00:05:16.0578 1652 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 00:05:16.0656 1652 usbohci - ok 00:05:16.0703 1652 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 00:05:16.0812 1652 usbprint - ok 00:05:16.0828 1652 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 00:05:16.0921 1652 usbscan - ok 00:05:16.0953 1652 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 00:05:17.0046 1652 USBSTOR - ok 00:05:17.0078 1652 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 00:05:17.0156 1652 usbuhci - ok 00:05:17.0203 1652 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 00:05:17.0281 1652 VgaSave - ok 00:05:17.0296 1652 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 00:05:17.0390 1652 ViaIde - ok 00:05:17.0406 1652 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 00:05:17.0484 1652 VolSnap - ok 00:05:17.0562 1652 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 00:05:17.0687 1652 VSS - ok 00:05:17.0750 1652 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 00:05:17.0859 1652 W32Time - ok 00:05:17.0921 1652 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 00:05:18.0000 1652 Wanarp - ok 00:05:18.0000 1652 WDICA - ok 00:05:18.0031 1652 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 00:05:18.0125 1652 wdmaud - ok 00:05:18.0187 1652 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 00:05:18.0265 1652 WebClient - ok 00:05:18.0390 1652 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 00:05:18.0484 1652 winmgmt - ok 00:05:18.0531 1652 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 00:05:18.0593 1652 WmdmPmSN - ok 00:05:18.0703 1652 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 00:05:18.0921 1652 Wmi - ok 00:05:18.0937 1652 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 00:05:19.0046 1652 WmiApSrv - ok 00:05:19.0234 1652 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 00:05:19.0453 1652 WMPNetworkSvc - ok 00:05:19.0500 1652 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 00:05:19.0531 1652 WpdUsb - ok 00:05:19.0593 1652 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 00:05:19.0687 1652 WS2IFSL - ok 00:05:19.0765 1652 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 00:05:19.0859 1652 wscsvc - ok 00:05:19.0906 1652 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 00:05:19.0984 1652 WSTCODEC - ok 00:05:20.0031 1652 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 00:05:20.0109 1652 wuauserv - ok 00:05:20.0171 1652 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 00:05:20.0234 1652 WudfPf - ok 00:05:20.0250 1652 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 00:05:20.0265 1652 WudfRd - ok 00:05:20.0312 1652 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 00:05:20.0343 1652 WudfSvc - ok 00:05:20.0453 1652 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 00:05:20.0593 1652 WZCSVC - ok 00:05:20.0671 1652 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 00:05:20.0796 1652 xmlprov - ok 00:05:20.0859 1652 [ 58C938BDD89281DC1A64B1DCE675FCE4 ] ZSMC301b C:\WINDOWS\system32\Drivers\usbVM31b.sys 00:05:20.0890 1652 ZSMC301b - ok 00:05:20.0937 1652 ================ Scan global =============================== 00:05:21.0000 1652 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 00:05:21.0093 1652 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 00:05:21.0156 1652 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 00:05:21.0171 1652 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 00:05:21.0171 1652 [Global] - ok 00:05:21.0171 1652 ================ Scan MBR ================================== 00:05:21.0203 1652 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0 00:05:21.0500 1652 \Device\Harddisk0\DR0 - ok 00:05:21.0515 1652 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3 00:05:21.0656 1652 \Device\Harddisk1\DR3 - ok 00:05:21.0656 1652 ================ Scan VBR ================================== 00:05:21.0656 1652 [ E297A6E7B851D3099B4B27FFED13283D ] \Device\Harddisk0\DR0\Partition1 00:05:21.0656 1652 \Device\Harddisk0\DR0\Partition1 - ok 00:05:21.0671 1652 [ EB745B4E738B10DDD9F51CC02EC4A524 ] \Device\Harddisk0\DR0\Partition2 00:05:21.0671 1652 \Device\Harddisk0\DR0\Partition2 - ok 00:05:21.0671 1652 [ A907C4F5960CF608FC6D56B878BF190E ] \Device\Harddisk1\DR3\Partition1 00:05:21.0671 1652 \Device\Harddisk1\DR3\Partition1 - ok 00:05:21.0671 1652 ============================================================ 00:05:21.0671 1652 Scan finished 00:05:21.0671 1652 ============================================================ 00:05:21.0781 1644 Detected object count: 17 00:05:21.0781 1644 Actual detected object count: 17 00:09:40.0906 1644 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0906 1644 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0906 1644 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0906 1644 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0906 1644 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0906 1644 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0906 1644 FSLX ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0906 1644 FSLX ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0921 1644 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0921 1644 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0921 1644 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0921 1644 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0921 1644 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0921 1644 LiveUpdateInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0921 1644 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0921 1644 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0921 1644 PCA ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0921 1644 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0937 1644 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0937 1644 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0937 1644 RTL8187B ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0937 1644 RTL8187B ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0937 1644 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0937 1644 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0937 1644 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0937 1644 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0937 1644 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0937 1644 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0937 1644 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0937 1644 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0953 1644 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0953 1644 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:09:40.0953 1644 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 00:09:40.0953 1644 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
16.05.2013, 23:40
| #8 |
| /// Malware-holic | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hi spenden kannst du gerne, wenn wir fertig sind, wir führen noch einige Scans aus und sichern den pc ab Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 01:05
| #9 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hi, hab mich zu früh gefreut. Konnte den Rechner zehn Minuten benutzen, dann hatte ich den GVU-Bildschirm wieder. Ich habe dann die Killer.exe nochmal ausgeführt. Combofix habe ich runtergeladen. Das Problem ist, dass mein PC nur im abgesicherten Modus MIT Eingabeaufforderung läuft. Normaler abgesicherter Modus stürzt ab. Ich kann also den Virenscanner (G Data) nicht ausschalten. Combofix beschwert sich genau darüber. Nun will Combofix ins Internet, um sich die Microsoft-Wiederherstellungskonsole zu laden. Aber in diesem DOS-Bildschirm krieg ich ja keine Internet-Verbindung hin. Was tun ? |
|
17.05.2013, 11:44
| #10 |
| /// Malware-holic | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Auf jeden fall mal finger weg von illegalen streamings wie kinox.to, nur bei uns bzw auf von mir genannten pages surfen. neues otl log erstellen und posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 20:56
| #11 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hallo, hier zum zweiten mal die otl und extras logs :OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.05.2013 21:47:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free 3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32 Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.05.17 01:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server) SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller) SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT) DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX) DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions [2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions [2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com [2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com [2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.17 02:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin) O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro) O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe () O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG) O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 02:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2013.05.17 01:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.05.17 01:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.05.17 01:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.05.17 01:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.05.17 01:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.17 01:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST [2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13 [2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe [2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe ========== Files - Modified Within 30 Days ========== [2013.05.17 02:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.05.17 01:53:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.17 01:52:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.17 01:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk [2013.05.17 01:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 01:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.05.17 01:17:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2013.05.17 01:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.17 00:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.16 01:12:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll [2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB [2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB [2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.05.17 01:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.05.17 01:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.05.17 01:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.05.17 01:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.05.17 01:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB [2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB [2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll [2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html [2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini [2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link [2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat [2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi [2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini ========== ZeroAccess Check ========== [2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems [2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer [2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular [2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ! [2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake [2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus [2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia [2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player [2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle [2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite [2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi [2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView [2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung [2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems [2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader [2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask [2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender [2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus [2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader [2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4 [2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa [2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking [2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq [2013.05.04 20:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads [2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4 [2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente [2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM [2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll [2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos [2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST [2009.05.20 05:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr [2009.05.20 05:44:42 | 000,000,000 | ---D | M] -- C:\hp [2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser [2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386 [2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark [2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans [2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files [2013.05.17 02:15:04 | 000,000,000 | R--D | M] -- C:\Programme [2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK [2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox [2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage [2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs [2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.20 17:53:18 | 000,000,000 | ---D | M] -- C:\system.sav [2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp [2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13 [2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09 [2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe [2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: AHCIX86.SYS > [2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys [2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVGTS.SYS > [2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys [2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.05.17 01:51:51 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2013.05.17 21:46:58 | 001,028,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2013.05.17 01:51:51 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 16.05.2013 19:48:29 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32031
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32031
[ System Events ]
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AmdK8 Fips i8042prt IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
Error - 17.05.2013 15:39:35 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 17.05.2013 15:42:40 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17.05.2013 15:50:55 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
|
17.05.2013, 21:02
| #12 |
| /// Malware-holic | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner bitte aus dem abgesicherten Modus im betroffenen account
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 21:06
| #13 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Hab ich das richtig verstanden: Abgesicherten Modus verlassen und im abges. Modus mit Eingabeaufforderung weitermachen ? |
|
17.05.2013, 21:16
| #14 |
| /// Malware-holic | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner laut dem log ist keine Malware aktiv, deswegen im abgesicherten modus den infizierten nutzer wählen und erneut scannen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 21:41
| #15 |
| | Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner Im abgesicherten Modus kann ich beim Anmelden keinen Nutzer wählen, wie beim normalen Windows-Start. Es gibt allerdings sowieso nur den Administrator. logs, die dritte: Code:
ATTFilter OTL logfile created on: 17.05.2013 22:30:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 86,73% Memory free 3,73 Gb Paging File | 3,67 Gb Available in Paging File | 98,40% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 137,04 Gb Total Space | 6,30 Gb Free Space | 4,60% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32 Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.15 01:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.05.17 01:03:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.13 10:20:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 00:50:23 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.06.20 09:19:11 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server) SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.10.29 09:03:16 | 001,089,608 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2008.09.08 09:46:56 | 001,185,496 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2008.08.19 16:20:50 | 000,386,120 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2008.04.07 07:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003.07.02 09:36:54 | 000,516,096 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe -- (LiveUpdateInstaller) SRV - [2002.12.17 16:55:12 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2011.04.05 13:31:50 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT) DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.05.27 07:29:56 | 000,068,424 | ---- | M] (G DATA Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2009.05.21 20:36:48 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2009.05.21 12:43:53 | 000,048,712 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009.05.21 12:43:47 | 000,032,328 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2008.07.11 14:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX) DRV - [2007.11.06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.30 14:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.07.30 14:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.05.04 14:40:22 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic) DRV - [2004.08.17 05:44:22 | 000,091,263 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002.04.04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=51D33A1B-5494-4753-BB99-A16A296559A6&apn_sauid=EAABA731-5486-4EA9-BE11-A5DC56130D49 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 10:20:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.16 08:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.04.03 11:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.10.16 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.21 23:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0pmdo0bb.default\extensions [2013.04.26 07:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions [2013.04.26 07:06:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\support@lastpass.com [2013.02.20 23:33:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\toolbar@ask.com [2012.02.17 22:21:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pm2lbhgz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.04.13 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 10:20:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.13 10:20:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.17 09:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 20:16:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.17 09:55:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 09:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 09:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.17 09:55:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.17 02:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin) O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro) O4 - HKLM..\Run: [CDAServer] C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe () O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software AG) O4 - HKLM..\Run: [innoplus_update] C:\Programme\innoPlus\innoplus_bad\bin\dataupdate.exe (INNOVA-engineering GmbH Dresden) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKLM..\RunOnce: [(4) HWRestore] C:\Sage\KHK\Handwerk\HWRESTORE.EXE (Sage KHK Software GmbH&Co.KG) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\QLINK.lnk = C:\program files\Lexmark Applications\QLink\QLINK.EXE (Lexmark) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFD5704-5D07-4B54-8B2A-420BB016F3DE}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 02:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2013.05.17 01:56:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.05.17 01:56:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.05.17 01:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.05.17 01:56:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.05.17 01:53:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.17 01:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.05.15 00:52:43 | 000,000,000 | ---D | C] -- C:\FRST [2013.05.14 01:23:25 | 000,000,000 | ---D | C] -- C:\Wiederhergestellte Dateien 13-05-13 [2013.05.12 21:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2013.05.04 20:32:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2013.05.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2013.05.04 20:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe [2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe ========== Files - Modified Within 30 Days ========== [2013.05.17 22:22:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.17 22:22:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.17 02:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.05.17 01:48:23 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk [2013.05.17 01:48:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 01:33:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.05.17 01:17:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2013.05.17 01:03:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.17 00:41:21 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.16 01:12:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Kein Protokoll [2013.05.13 00:54:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.05.12 01:06:24 | 000,008,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB [2013.05.12 01:06:24 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB [2013.05.04 20:32:03 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.05.04 20:17:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.04.25 23:24:42 | 000,471,880 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.25 23:24:42 | 000,451,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.25 23:24:42 | 000,090,282 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.04.25 23:24:42 | 000,075,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.05.17 01:56:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.05.17 01:56:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.05.17 01:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.05.17 01:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.05.17 01:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.05.12 00:08:10 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ122.DB [2013.05.12 00:07:51 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\_QSQ92.DB [2013.05.04 20:32:03 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.02.26 01:31:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2013.02.26 01:31:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2013.02.26 01:31:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2012.10.15 21:25:03 | 000,124,792 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2012.10.15 21:24:54 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2012.10.15 21:24:54 | 000,145,408 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2012.10.15 21:23:25 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssa3mlm.dll [2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Programme\readme.html [2012.07.27 22:24:16 | 000,006,854 | RHS- | C] () -- C:\WINDOWS\innova3.ini [2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Programme\basis-link [2012.02.14 21:02:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.20 01:07:43 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.12.19 10:53:34 | 076,004,920 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exe2323iw.dat [2011.10.13 00:51:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.05.20 22:57:46 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.05.20 22:57:46 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.05.20 22:57:46 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009.05.20 05:36:08 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.04.27 12:04:04 | 140,387,075 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Programme\openofficeorg31.msi [2009.04.27 06:43:50 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini ========== ZeroAccess Check ========== [2009.05.20 05:35:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:06:28 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.02.12 21:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACD Systems [2010.05.01 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2009.08.08 13:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer [2013.03.11 01:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular [2010.09.15 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ! [2010.09.15 22:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2011.12.18 02:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HandBrake [2012.07.27 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\innoplus [2009.08.23 11:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2009.08.02 19:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia [2009.08.02 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player [2009.05.21 18:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2012.06.14 00:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle [2009.08.02 19:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite [2012.04.07 15:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi [2009.05.21 03:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView [2013.02.26 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung [2012.08.21 09:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2010.10.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2011.05.08 21:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems [2012.03.16 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\YouTube Downloader [2013.05.04 20:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011.02.12 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2012.11.21 23:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask [2009.08.02 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2010.11.10 23:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender [2013.03.11 01:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.01.20 14:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.07.27 22:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus [2010.09.15 22:59:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2009.08.02 19:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.02.25 11:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2013.02.26 01:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.05.08 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2011.05.08 21:00:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2012.03.05 17:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader [2011.12.18 01:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.01 21:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.05.21 20:43:40 | 000,000,000 | ---D | M] -- C:\70SP4 [2012.05.11 03:01:16 | 000,000,000 | ---D | M] -- C:\9f7803ddae81aabb78e04f476cd8feaa [2009.07.12 11:35:58 | 000,000,000 | ---D | M] -- C:\Banking [2009.05.20 05:44:07 | 000,000,000 | ---D | M] -- C:\Compaq [2013.05.04 20:32:50 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.05.20 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.04.08 21:16:51 | 000,000,000 | ---D | M] -- C:\Downloads [2009.08.14 23:19:30 | 000,000,000 | ---D | M] -- C:\e322ecf43298eabf7fb898a4 [2011.01.11 00:05:18 | 000,000,000 | ---D | M] -- C:\Endisch Dokumente [2012.01.22 19:48:42 | 000,000,000 | ---D | M] -- C:\FBBM [2013.05.12 00:06:46 | 000,000,000 | ---D | M] -- C:\Firma Doll [2009.05.21 19:58:28 | 000,000,000 | ---D | M] -- C:\Fotos [2013.05.15 00:52:43 | 000,000,000 | ---D | M] -- C:\FRST [2009.05.20 05:44:14 | 000,000,000 | ---D | M] -- C:\fslrdr [2009.05.20 05:44:42 | 000,000,000 | ---D | M] -- C:\hp [2011.11.04 20:36:41 | 000,000,000 | ---D | M] -- C:\Häuser [2009.05.20 14:26:48 | 000,000,000 | ---D | M] -- C:\i386 [2010.11.10 23:38:43 | 000,000,000 | ---D | M] -- C:\lexmark [2013.04.28 16:50:21 | 000,000,000 | ---D | M] -- C:\Private Dokumente Hans [2010.11.10 23:39:53 | 000,000,000 | ---D | M] -- C:\program files [2013.05.17 02:15:04 | 000,000,000 | R--D | M] -- C:\Programme [2012.06.27 21:55:42 | 000,000,000 | ---D | M] -- C:\QLINK [2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Qoobox [2009.05.21 20:24:36 | 000,000,000 | ---D | M] -- C:\Sage [2012.02.06 00:56:05 | 000,000,000 | ---D | M] -- C:\spoolerlogs [2009.05.20 17:53:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.20 17:53:18 | 000,000,000 | ---D | M] -- C:\system.sav [2012.01.05 02:05:57 | 000,000,000 | ---D | M] -- C:\temp [2013.05.14 01:27:40 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 13-05-13 [2009.05.21 19:57:33 | 000,000,000 | ---D | M] -- C:\Wiederhergestellte Dateien 21-05-09 [2013.05.17 02:16:59 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2002.03.11 10:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsia.exe [2002.03.11 11:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\instmsiw.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.05.16 16:27:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2006.05.16 16:27:22 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2009.09.01 20:59:29 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2011.04.24 23:13:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011.04.24 23:13:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.10.15 21:34:52 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2013.02.20 23:33:49 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: AHCIX86.SYS > [2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys [2007.10.26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2006.02.28 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.02.16 21:03:14 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 09:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVGTS.SYS > [2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys [2007.12.13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 09:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 09:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 09:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.05.05 07:27:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.05.05 07:27:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.05.05 07:27:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.05.17 22:21:08 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2013.05.17 22:24:52 | 000,180,224 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2013.05.17 22:21:08 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.03.02 03:57:39 | 001,867,392 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 21:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 82,49% Memory free
3,73 Gb Paging File | 3,65 Gb Available in Paging File | 97,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 6,29 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 1,64 Gb Free Space | 13,67% Space Free | Partition Type: NTFS
Drive F: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
Computer Name: COMPUTERHANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- ()
"C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Samsung\SCX472x\SCNSearch\USDAgent.exe:*:Enabled:Samsung Scanner Discovery Module V2 -- ()
"C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Programme\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Programme\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Programme\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Programme\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Programme\Scan Assistant\USDAgent.exe" = C:\Programme\Scan Assistant\USDAgent.exe:*:Enabled:Samsung Scan Assistant - USDAgent.exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxMon.exe:LocalSubNet:Enabled:Samsung Network PC Fax Monitor -- (Samsung Electronics Co., Ltd.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EA84402-CD4F-4F19-AFED-C5C228259873}" = G DATA AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D0C290B-B527-11D3-8B9B-006097833640}" = Handwerk
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880A0DCF-E8C2-11D9-AAFD-0050BA1ACA6F}" = QLink
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F018BFDC-1ED3-4399-9009-4E1604BF2510}" = innoPlus bad
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ElsterFormular" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-472x Series" = Samsung SCX-472x Series
"sv.net" = sv.net
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Win-CASA 6" = Win-CASA 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 16.05.2013 19:44:47 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 16.05.2013 19:44:48 | Computer Name = COMPUTERHANS | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 16.05.2013 19:48:29 | Computer Name = COMPUTERHANS | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32031
Error - 16.05.2013 19:49:28 | Computer Name = COMPUTERHANS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32031
[ System Events ]
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.05.2013 19:54:33 | Computer Name = COMPUTERHANS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AmdK8 Fips i8042prt IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
Error - 17.05.2013 15:39:35 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 17.05.2013 15:42:40 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17.05.2013 15:50:55 | Computer Name = COMPUTERHANS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
|
| Themen zu Weisser Bildschirm nach Anmeldung Windows XP, GVU-Trojaner |
| administrator, adobe, antivirus, bildschirm, bonjour, canon, desktop, dll, dsl, einstellungen, error, explorer, farbar, farbar recovery scan tool, fehler, flash player, frst.exe, fslx.sys, google earth, gvu-trojaner windowsxp, launch, mozilla, nvidia, plug-in, realtek, recycle.bin, refresh, registry, rundll, security, software, stick, temp, usb, version=1.0, weisser bildschirm, windows, windows xp |
WARNUNG an die MITLESER: 
Linear-Darstellung
