GVU-Trojaner: Ich kann noch nicht mal von CD/USB starten

markusg · 05.08.2013, 16:25

komisch laut log ist sie nicht mehr aktiv.
1. starte neu, drücke f8 wähle letzte ekannte funktionierene Konfiguration starten.
wenn das funktioniert, tdss killer und combofix ausführen.
wenn nicht, trenne die lan bzw wlan verbindung, also Netzwerkkabel raus bzw WLAN aus, starte dann normal den PC, der sperrbildschirm sollte nicht mehr zu sehen sein.
konfiguriere beide PC's so, dass kein Autorou mehr ausgeführt wird, diese Einstellung sollte auch so bleiben, da sicherer.
http://www.trojaner-board.de/83238-a...sschalten.html

aus post6:
winmgmt.reg
ausführen, dann Combofix.
Danach sollte das Internet wieder gehen.
Dann TDSS Killer, beide Logs und Erfolgsmeldungen gleichzeitig posten

Newjoe · 05.08.2013, 16:51

Der Rechner hängt die ganze Zeit nicht im Netz ... ist das das Problem?

Der Sperrbildschirm kommt auch nach "f8 - letzte erkannte funktionierende Konfiguration" noch ...

markusg · 05.08.2013, 17:10

Versuch noch mal folgenes:
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\DOKUME~1\ALLUSE~1\ANWEND~1\zdv4b.dat

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

gleich den normalen Modus testen nach Fix.

Newjoe · 05.08.2013, 17:30

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-06-2013 02
Ran by SYSTEM at 2013-08-05 18:19:56 Run:2
Running from E:\
Boot Mode: Recovery

==============================================

C:\DOKUME~1\ALLUSE~1\ANWEND~1\zdv4b.dat => File/Directory not found.

==== End of Fixlog ====

markusg · 05.08.2013, 17:36

geht der normale Modus

Newjoe · 05.08.2013, 17:41

Sperrbildschirm kommt immer noch

markusg · 05.08.2013, 18:26

Du verwendest eine alte FRST Version, bitte lösch deine, lad sie neu runter, scanne bitte.

Newjoe · 06.08.2013, 09:33

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013
Ran by SYSTEM on 06-08-2013 10:22:18
Running from F:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [77824 2005-01-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] - C:\Windows\AGRSMMSG.exe [88361 2004-07-22] (Agere Systems)
HKLM\...\Run: [Home Theater SchSvr] - C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe [106496 2005-02-15] (InterVideo Inc.)
HKLM\...\Run: [WINCINEMAMGR] - C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe [233472 2005-02-15] (InterVideo Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [172032 2004-06-26] (HP)
HKLM\...\Run: [LWS] - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [281768 2011-01-10] (Avira GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ToolboxFX] - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll ()
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [136360 2011-04-28] (Avira GmbH)
S2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S2 HP LaserJet Service; C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP)
S3 HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [77824 2004-03-01] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\hpboid.exe [73728 2004-03-01] (Hewlett-Packard Company)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-02-20] (Apple Inc.)
S2 LVPrcSrv; C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe [162648 2010-05-07] (Logitech Inc.)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-11-09] (Skype Technologies)
S2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [92008 2009-11-13] (TomTom)
S2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S2 winmgmt; C:\DOKUME~1\ALLUSE~1\ANWEND~1\zdv4b.dat [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S1 avgio; C:\Programme\Avira\AntiVir Desktop\avgio.sys [11608 2010-06-17] (Avira GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-06-28] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-06-28] (Avira GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [752093 2004-09-30] (Intel Corporation)
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10752 2003-12-25] (InterVideo, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 M2500; C:\Windows\System32\DRIVERS\M2500.sys [191360 2003-06-18] (Ralink Technology Inc.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
S3 NAVAP; \??\C:\Programme\NavNT\NAVAP.sys [x]
S3 PCANDIS5; \??\C:\WINDOWS\System32\PCANDIS5.SYS [x]
S1 SASDIFSV; \??\C:\WINDOWS\TEMP\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\C:\WINDOWS\TEMP\SAS_SelfExtract\SASKUTIL.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2

==================== One Month Modified Files and Folders =======

2013-08-05 16:47 - 2012-03-13 13:45 - 01190903 _____ C:\Windows\WindowsUpdate.log
2013-08-05 16:40 - 2012-03-13 13:48 - 00000159 _____ C:\Windows\wiadebug.log
2013-08-05 16:39 - 2012-03-13 13:47 - 00000050 _____ C:\Windows\wiaservc.log
2013-08-05 16:39 - 2010-12-20 17:28 - 00000000 ____D C:\Windows\System32\logishrd
2013-08-05 16:38 - 2003-04-02 12:00 - 00002422 _____ C:\Windows\System32\wpa.dbl
2013-08-05 15:44 - 2005-09-18 07:30 - 00000000 ___RD C:\Programme
2013-08-05 15:39 - 2005-09-18 08:28 - 00000337 __RSH C:\boot.ini
2013-08-05 11:26 - 2013-07-31 15:49 - 00000000 ____D C:\FRST
2013-07-31 10:02 - 2012-03-13 13:47 - 00032424 _____ C:\Windows\SchedLgU.Txt
2013-07-23 15:03 - 2012-03-17 17:46 - 00000191 _____ C:\Windows\setupact.log
2013-07-23 15:03 - 2012-03-17 17:12 - 00049470 _____ C:\Windows\setupapi.log

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2003-04-02 12:00] - [2008-04-14 02:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 

C:\Windows\System32\winlogon.exe
[2003-04-02 12:00] - [2008-04-14 02:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 

C:\Windows\System32\svchost.exe
[2003-04-02 12:00] - [2008-04-14 02:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 

C:\Windows\System32\services.exe
[2003-04-02 12:00] - [2009-02-09 11:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 

C:\Windows\System32\User32.dll
[2003-04-02 12:00] - [2008-04-14 02:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 

C:\Windows\System32\userinit.exe
[2003-04-02 12:00] - [2008-04-14 02:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 

C:\Windows\System32\Drivers\volsnap.sys
[2003-04-02 12:00] - [2008-04-14 01:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 991.48 MB
Available physical RAM: 543.68 MB
Total Pagefile: 882.86 MB
Available Pagefile: 574.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.82 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.24 GB) (Free:0.18 GB) FAT
Drive c: (System) (Fixed) (Total:78.13 GB) (Free:55.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (HITMANPRO) (Removable) (Total:7.35 GB) (Free:7.35 GB) FAT32
Drive g: (Daten) (Fixed) (Total:66.41 GB) (Free:14.68 GB) NTFS
Drive x: (UBCD4Windows) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: F5B6F5B6)
Partition 1: (Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=66 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 MB) - (Type=88)

========================================================
Disk: 3 (Size: 7 GB) (Disk ID: 7A8FF834)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

--- --- ---

markusg · 06.08.2013, 13:38

Das geht immernoch nicht.
Versuchen wir das:
kommst du an nen pc mit brenner?
download:
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die

Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

Newjoe · 08.08.2013, 14:21

Bin mir jetzt nicht sicher was du mit ORDNER und BEIDEN logs meinst. Ich habe nur die otl.txt und die lag nicht in einem Ordner, sondern direkt auf C

hier ist sie:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 8/8/2013 3:55:12 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
991.00 Mb Total Physical Memory | 782.00 Mb Available Physical Memory | 79.00% Memory free
883.00 Mb Paging File | 819.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): D:\pagefile.sys 2976 2976 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.13 Gb Total Space | 55.33 Gb Free Space | 70.82% Space Free | Partition Type: NTFS
Drive F: | 66.41 Gb Total Space | 14.68 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive G: | 7.35 Gb Total Space | 7.35 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (winmgmt)
SRV - [2013/06/21 12:35:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/28 13:38:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 11:37:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/07 13:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/12 03:13:08 | 000,142,336 | ---- | M] (HP) [Auto] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/01 11:40:52 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/03/01 11:40:52 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | System] --  -- (SASKUTIL)
DRV - File not found [Kernel | System] --  -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (PCANDIS5)
DRV - File not found [Kernel | On_Demand] --  -- (NAVAP)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (GMSIPCI)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/06/28 13:38:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 13:38:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 22:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/11/09 22:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 09:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/07 13:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/07/24 10:05:00 | 000,005,632 | ---- | M] () [File_System | System] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/01/28 05:48:58 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004/07/22 02:50:16 | 001,268,234 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/06/18 01:33:00 | 000,191,360 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M2500.sys -- (M2500)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Heinz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2010/04/18 12:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\mozilla\Extensions
[2010/04/18 12:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\mozilla\Extensions\home2@tomtom.com
[2010/04/18 13:15:11 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2011/03/08 04:14:41 | 000,430,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14825 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Heinz_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Home Theater SchSvr] C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolboxFX] C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WINCINEMAMGR] C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - HKU\Heinz_ON_C..\Run: [Gratree] C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Packfree\torhelp.exe ()
O4 - HKU\Heinz_ON_C..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Dokumente und Einstellungen\Heinz\Startmenü\Programme\Autostart\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127058505516 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165066433446 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/18 02:46:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a14e4d62-4b04-11df-a42b-001109138648}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: winmgmt -  File not found
 
MsConfig - Services: "Norton AntiVirus Server"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/05 11:35:42 | 005,100,219 | R--- | C] (Swearware) -- C:\Programme\ComboFix.exe
[2013/07/31 11:49:46 | 000,000,000 | ---D | C] -- C:\FRST
[2011/03/08 09:52:42 | 080,450,344 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2011/03/08 09:51:17 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2011/03/08 09:43:43 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Programme\jre-6u24-windows-i586.exe
[2011/03/08 09:41:57 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
[2011/03/08 09:41:18 | 001,247,568 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlsetup-custom.exe
[2011/03/08 09:39:57 | 001,474,048 | ---- | C] (Irfan Skiljan) -- C:\Programme\iview428_setup.exe
[2011/03/07 07:10:36 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup304.exe
[2011/03/07 07:10:36 | 002,871,968 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player_ax.exe
[2011/03/07 07:10:35 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/05 12:39:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/05 12:38:58 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/05 12:38:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/05 11:39:40 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2013/08/05 11:36:18 | 005,100,219 | R--- | M] (Swearware) -- C:\Programme\ComboFix.exe
[2013/07/23 12:09:10 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1677128483-682003330-1003UA.job
[2013/07/23 06:19:10 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/23 05:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/04 15:03:27 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz\1189563.dll
[2012/03/09 12:30:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 12:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/09 09:57:48 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2011/10/09 09:57:48 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2011/03/08 09:41:14 | 001,448,614 | ---- | C] () -- C:\Programme\wrar400.exe
[2011/03/08 05:24:29 | 000,013,335 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/07 07:51:56 | 049,849,560 | ---- | C] () -- C:\Programme\avira_antivir_personal611_de.exe
[2011/03/07 07:10:41 | 000,252,991 | ---- | C] () -- C:\Programme\FHSetup.exe
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 13:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/11/27 10:50:23 | 000,022,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/16 05:44:52 | 000,003,235 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/02/02 14:21:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/06/24 07:08:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2007/06/24 07:04:51 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/10/27 15:55:13 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/09 11:43:59 | 000,001,768 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005/10/12 16:42:36 | 000,000,011 | ---- | C] () -- C:\WINDOWS\nextsteps.ini
[2005/10/03 08:23:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/28 03:48:54 | 000,004,326 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2005/09/28 03:48:39 | 000,001,564 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2005/09/18 12:31:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/09/18 12:31:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/09/18 11:31:53 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/18 11:05:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/18 11:05:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/18 11:05:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/18 11:05:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/18 11:05:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/18 11:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/18 11:03:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/18 10:39:15 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/09/18 10:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/09/18 03:30:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/18 03:29:56 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/18 02:48:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/18 02:43:45 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/17 11:02:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini
[2003/04/02 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/02 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/02 08:00:00 | 000,452,774 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/02 08:00:00 | 000,435,870 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/02 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/02 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/02 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/02 08:00:00 | 000,081,600 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/02 08:00:00 | 000,068,766 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/02 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/02 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/02 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/02 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/02 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/02 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/24 01:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
 
========== LOP Check ==========
 
[2008/03/21 03:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\ConvertTemp
[2005/09/18 12:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\ICAClient
[2005/09/28 09:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\ICQLite
[2005/09/18 12:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\InterTrust
[2005/09/18 12:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Intervideo
[2010/12/20 13:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Leadertech
[2011/02/05 16:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Packfree
[2007/06/24 07:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Samsung
[2008/03/21 03:47:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Temporary
[2010/04/18 12:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\TomTom
[2008/03/21 03:47:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\TransRender
[2013/03/25 14:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2005/09/18 12:28:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2010/04/18 14:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2010/10/16 11:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/20 14:59:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/02 14:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/03/08 09:56:58 | 000,000,000 | ---D | M] -- C:\7dc4b7554149bb94dc35c88d6bc8
[2013/06/21 11:51:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2005/09/18 02:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2013/08/05 07:26:16 | 000,000,000 | ---D | M] -- C:\FRST
[2005/09/18 11:21:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/10/09 09:57:48 | 000,000,000 | ---D | M] -- C:\Program Files
[2013/08/05 11:44:53 | 000,000,000 | R--D | M] -- C:\Programme
[2013/08/05 07:26:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/01/14 05:00:27 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2011/03/08 07:25:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2005/09/28 10:14:52 | 000,000,000 | ---D | M] -- C:\Temp
[2013/08/06 06:22:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011/03/07 07:45:50 | 049,849,560 | ---- | M] () -- C:\Programme\avira_antivir_personal611_de.exe
[2011/02/24 10:33:58 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Programme\ccsetup304.exe
[2013/08/05 11:36:18 | 005,100,219 | R--- | M] (Swearware) -- C:\Programme\ComboFix.exe
[2010/08/17 06:21:40 | 000,252,991 | ---- | M] () -- C:\Programme\FHSetup.exe
[2011/03/01 14:15:46 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player.exe
[2011/03/01 14:15:32 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player_ax.exe
[2011/03/08 09:53:06 | 080,450,344 | ---- | M] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2011/03/08 09:40:03 | 001,474,048 | ---- | M] (Irfan Skiljan) -- C:\Programme\iview428_setup.exe
[2011/03/08 09:43:44 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\jre-6u24-windows-i586.exe
[2011/03/08 09:51:41 | 038,147,376 | ---- | M] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2011/03/08 09:42:12 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
[2011/03/08 09:41:30 | 001,247,568 | ---- | M] (Microsoft Corporation) -- C:\Programme\wlsetup-custom.exe
[2011/03/08 09:41:14 | 001,448,614 | ---- | M] () -- C:\Programme\wrar400.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/04/02 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 18:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/03 18:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 18:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/03 18:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/03 18:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/03 18:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/03 18:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005/09/18 04:28:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/09/18 04:28:54 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/09/18 04:28:54 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2013/05/07 18:28:26 | 011,112,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2013/05/07 18:28:26 | 002,005,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >

--- --- ---

markusg · 08.08.2013, 14:29

Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - Startup: C:\Dokumente und Einstellungen\Heinz\Startmenü\Programme\Autostart\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - HKU\Heinz_ON_C..\Run: [Gratree] C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Packfree\torhelp.exe ()
[2013/07/04 15:03:27 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz\1189563.dll
:Files
C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Packfree
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Newjoe · 08.08.2013, 15:33

Das sieht gut aus ... Der Rechner startet ohne Sperrbildschirm

Denkst du ich kann die Kiste jetzt gefahrlos in mein Netzwerk hängen um OS und Antivir abzudaten?
Die zweite Datei hab ich hochgeladen.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 8/8/2013 3:55:12 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
991.00 Mb Total Physical Memory | 782.00 Mb Available Physical Memory | 79.00% Memory free
883.00 Mb Paging File | 819.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): D:\pagefile.sys 2976 2976 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.13 Gb Total Space | 55.33 Gb Free Space | 70.82% Space Free | Partition Type: NTFS
Drive F: | 66.41 Gb Total Space | 14.68 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive G: | 7.35 Gb Total Space | 7.35 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (winmgmt)
SRV - [2013/06/21 12:35:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 11:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/28 13:38:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 11:37:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/07 13:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/12 03:13:08 | 000,142,336 | ---- | M] (HP) [Auto] -- C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/01 11:40:52 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/03/01 11:40:52 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | System] --  -- (SASKUTIL)
DRV - File not found [Kernel | System] --  -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (PCANDIS5)
DRV - File not found [Kernel | On_Demand] --  -- (NAVAP)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (GMSIPCI)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/06/28 13:38:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 13:38:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 22:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/11/09 22:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 09:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/07 13:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/07/24 10:05:00 | 000,005,632 | ---- | M] () [File_System | System] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/01/28 05:48:58 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004/07/22 02:50:16 | 001,268,234 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/06/18 01:33:00 | 000,191,360 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M2500.sys -- (M2500)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Heinz_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Heinz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Heinz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2010/04/18 12:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\mozilla\Extensions
[2010/04/18 12:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\mozilla\Extensions\home2@tomtom.com
[2010/04/18 13:15:11 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2011/03/08 04:14:41 | 000,430,702 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14825 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Heinz_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Home Theater SchSvr] C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolboxFX] C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WINCINEMAMGR] C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - HKU\Heinz_ON_C..\Run: [Gratree] C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Packfree\torhelp.exe ()
O4 - HKU\Heinz_ON_C..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Dokumente und Einstellungen\Heinz\Startmenü\Programme\Autostart\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Heinz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127058505516 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165066433446 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/18 02:46:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a14e4d62-4b04-11df-a42b-001109138648}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: winmgmt -  File not found
 
MsConfig - Services: "Norton AntiVirus Server"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/05 11:35:42 | 005,100,219 | R--- | C] (Swearware) -- C:\Programme\ComboFix.exe
[2013/07/31 11:49:46 | 000,000,000 | ---D | C] -- C:\FRST
[2011/03/08 09:52:42 | 080,450,344 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2011/03/08 09:51:17 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2011/03/08 09:43:43 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Programme\jre-6u24-windows-i586.exe
[2011/03/08 09:41:57 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
[2011/03/08 09:41:18 | 001,247,568 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlsetup-custom.exe
[2011/03/08 09:39:57 | 001,474,048 | ---- | C] (Irfan Skiljan) -- C:\Programme\iview428_setup.exe
[2011/03/07 07:10:36 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup304.exe
[2011/03/07 07:10:36 | 002,871,968 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player_ax.exe
[2011/03/07 07:10:35 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/05 12:39:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/05 12:38:58 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/05 12:38:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/05 11:39:40 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2013/08/05 11:36:18 | 005,100,219 | R--- | M] (Swearware) -- C:\Programme\ComboFix.exe
[2013/07/23 12:09:10 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1677128483-682003330-1003UA.job
[2013/07/23 06:19:10 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/23 05:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/04 15:03:27 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz\1189563.dll
[2012/03/09 12:30:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 12:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/09 09:57:48 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2011/10/09 09:57:48 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2011/03/08 09:41:14 | 001,448,614 | ---- | C] () -- C:\Programme\wrar400.exe
[2011/03/08 05:24:29 | 000,013,335 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/07 07:51:56 | 049,849,560 | ---- | C] () -- C:\Programme\avira_antivir_personal611_de.exe
[2011/03/07 07:10:41 | 000,252,991 | ---- | C] () -- C:\Programme\FHSetup.exe
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 13:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/11/27 10:50:23 | 000,022,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/16 05:44:52 | 000,003,235 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/02/02 14:21:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/06/24 07:08:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2007/06/24 07:04:51 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/10/27 15:55:13 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/09 11:43:59 | 000,001,768 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005/10/12 16:42:36 | 000,000,011 | ---- | C] () -- C:\WINDOWS\nextsteps.ini
[2005/10/03 08:23:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/28 03:48:54 | 000,004,326 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2005/09/28 03:48:39 | 000,001,564 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2005/09/18 12:31:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/09/18 12:31:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/09/18 11:31:53 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/18 11:05:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/18 11:05:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/18 11:05:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/18 11:05:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/18 11:05:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/18 11:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/18 11:03:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/18 10:39:15 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/09/18 10:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/09/18 03:30:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/18 03:29:56 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/18 02:48:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/18 02:43:45 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/17 11:02:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini
[2003/04/02 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/02 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/02 08:00:00 | 000,452,774 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/02 08:00:00 | 000,435,870 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/02 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/02 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/02 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/02 08:00:00 | 000,081,600 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/02 08:00:00 | 000,068,766 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/02 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/02 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/02 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/02 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/02 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/02 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/24 01:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
 
========== LOP Check ==========
 
[2008/03/21 03:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\ConvertTemp
[2005/09/18 12:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\ICAClient
[2005/09/28 09:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\ICQLite
[2005/09/18 12:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\InterTrust
[2005/09/18 12:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Intervideo
[2010/12/20 13:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Leadertech
[2011/02/05 16:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Packfree
[2007/06/24 07:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Samsung
[2008/03/21 03:47:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\Temporary
[2010/04/18 12:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\TomTom
[2008/03/21 03:47:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Heinz\Anwendungsdaten\TransRender
[2013/03/25 14:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2005/09/18 12:28:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2010/04/18 14:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2010/10/16 11:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/20 14:59:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/02 14:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/03/08 09:56:58 | 000,000,000 | ---D | M] -- C:\7dc4b7554149bb94dc35c88d6bc8
[2013/06/21 11:51:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2005/09/18 02:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2013/08/05 07:26:16 | 000,000,000 | ---D | M] -- C:\FRST
[2005/09/18 11:21:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/10/09 09:57:48 | 000,000,000 | ---D | M] -- C:\Program Files
[2013/08/05 11:44:53 | 000,000,000 | R--D | M] -- C:\Programme
[2013/08/05 07:26:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/01/14 05:00:27 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2011/03/08 07:25:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2005/09/28 10:14:52 | 000,000,000 | ---D | M] -- C:\Temp
[2013/08/06 06:22:59 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011/03/07 07:45:50 | 049,849,560 | ---- | M] () -- C:\Programme\avira_antivir_personal611_de.exe
[2011/02/24 10:33:58 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Programme\ccsetup304.exe
[2013/08/05 11:36:18 | 005,100,219 | R--- | M] (Swearware) -- C:\Programme\ComboFix.exe
[2010/08/17 06:21:40 | 000,252,991 | ---- | M] () -- C:\Programme\FHSetup.exe
[2011/03/01 14:15:46 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player.exe
[2011/03/01 14:15:32 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player_ax.exe
[2011/03/08 09:53:06 | 080,450,344 | ---- | M] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2011/03/08 09:40:03 | 001,474,048 | ---- | M] (Irfan Skiljan) -- C:\Programme\iview428_setup.exe
[2011/03/08 09:43:44 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\jre-6u24-windows-i586.exe
[2011/03/08 09:51:41 | 038,147,376 | ---- | M] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2011/03/08 09:42:12 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
[2011/03/08 09:41:30 | 001,247,568 | ---- | M] (Microsoft Corporation) -- C:\Programme\wlsetup-custom.exe
[2011/03/08 09:41:14 | 001,448,614 | ---- | M] () -- C:\Programme\wrar400.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 19:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/11 06:26:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/04/02 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 18:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/03 18:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 18:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/03 18:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/03 18:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/03 18:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/03 18:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005/09/18 04:28:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/09/18 04:28:54 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/09/18 04:28:54 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2013/05/07 18:28:26 | 011,112,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2013/05/07 18:28:26 | 002,005,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >

--- --- ---

markusg · 08.08.2013, 15:54

Hi,
sehr gut, ins netz damit, weiter gehts:
Du musst, wenn wir fertig sind, alle passwörter ändern.
Es sind 2 Logs zu erstellen, poste diese möglichst gleichzeitig.
1.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

neustarten.
2.
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Newjoe · 08.08.2013, 16:45

Hier die beiden logs:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-08-07.01 - Heinz 08.08.2013  17:25:30.1.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\Heinz\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\csiInstaller\hpbcsiInstaller0EF0EA0D-F945-4958-85CC-60FF1E86D216.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\advimage.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\app.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\docuname.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\email.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\event.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\general.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\histdb_docuname.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\image.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\message.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\paper.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\save.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\text.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HP LaserJet Professional CM1410 Series Fax\watermark.ini
c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP\HPLJUT\HP LaserJet Professional CM1410 Series PCL 6\HPLaserJetCM1415fn.xml
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-08 bis 2013-08-08  ))))))))))))))))))))))))))))))
.
.
2013-08-08 20:49 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2013-08-08 20:44 . 2013-08-08 15:08	--------	d-----w-	C:\_OTL
2013-08-05 15:35 . 2013-08-05 15:36	5100219	------r-	c:\programme\ComboFix.exe
2013-07-31 15:49 . 2013-08-05 11:26	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 16:35 . 2012-04-21 18:40	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-21 16:35 . 2012-04-21 18:40	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-21 16:35 . 2013-06-21 16:35	9089416	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2011-03-08 13:53 . 2011-03-08 13:52	80450344	----a-w-	c:\programme\iTunesSetup.exe
2011-03-08 13:51 . 2011-03-08 13:51	38147376	----a-w-	c:\programme\QuickTimeInstaller.exe
2011-03-08 13:43 . 2011-03-08 13:43	16525088	----a-w-	c:\programme\jre-6u24-windows-i586.exe
2011-03-08 13:42 . 2011-03-08 13:41	1029000	----a-w-	c:\programme\SkypeSetup.exe
2011-03-08 13:41 . 2011-03-08 13:41	1247568	----a-w-	c:\programme\wlsetup-custom.exe
2011-03-08 13:41 . 2011-03-08 13:41	1448614	----a-w-	c:\programme\wrar400.exe
2011-03-08 13:40 . 2011-03-08 13:39	1474048	----a-w-	c:\programme\iview428_setup.exe
2011-03-07 11:45 . 2011-03-07 11:51	49849560	----a-w-	c:\programme\avira_antivir_personal611_de.exe
2011-03-01 18:15 . 2011-03-07 11:10	2832544	----a-w-	c:\programme\install_flash_player.exe
2011-03-01 18:15 . 2011-03-07 11:10	2871968	----a-w-	c:\programme\install_flash_player_ax.exe
2011-02-24 14:33 . 2011-03-07 11:10	3033192	----a-w-	c:\programme\ccsetup304.exe
2010-08-17 10:21 . 2011-03-07 11:10	252991	----a-w-	c:\programme\FHSetup.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-09-30 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Home Theater SchSvr"="c:\programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe" [2005-02-15 106496]
"WINCINEMAMGR"="c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-02-15 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 172032]
"LWS"="c:\programme\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"ToolboxFX"="c:\programme\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton AntiVirus Server"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\windows\TEMP\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\windows\TEMP\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 HP LaserJet Service;HP LaserJet Service;c:\programme\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
R2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 16:35]
.
2012-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce944af39d107e.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-01 17:14]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-01 17:14]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1677128483-682003330-1003Core.job
- c:\dokumente und einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-10-06 18:29]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1677128483-682003330-1003UA.job
- c:\dokumente und einstellungen\Heinz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-10-06 18:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Gratree - c:\dokumente und einstellungen\Heinz\Anwendungsdaten\Packfree\torhelp.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-LiveUpdate1.6 - c:\programme\Symantec\LiveUpdate\LSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-08 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\NavLogon.dll
.
Zeit der Fertigstellung: 2013-08-08  17:39:17
ComboFix-quarantined-files.txt  2013-08-08 15:39
.
Vor Suchlauf: 10 Verzeichnis(se), 62.489.001.984 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 62.906.970.112 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
[spybotsd]
timeout.old=3
.
- - End Of File - - E3C00621E1D628A150F433F1945A37E9

--- --- ---
72B8CE41AF0DE751C946802B3ED844B4

17:43:42.0471 2384 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:43:42.0534 2384 ============================================================
17:43:42.0534 2384 Current date / time: 2013/08/08 17:43:42.0534
17:43:42.0534 2384 SystemInfo:
17:43:42.0534 2384
17:43:42.0534 2384 OS Version: 5.1.2600 ServicePack: 3.0
17:43:42.0534 2384 Product type: Workstation
17:43:42.0534 2384 ComputerName: HP
17:43:42.0534 2384 UserName: Heinz
17:43:42.0534 2384 Windows directory: C:\WINDOWS
17:43:42.0534 2384 System windows directory: C:\WINDOWS
17:43:42.0534 2384 Processor architecture: Intel x86
17:43:42.0534 2384 Number of processors: 1
17:43:42.0534 2384 Page size: 0x1000
17:43:42.0534 2384 Boot type: Normal boot
17:43:42.0534 2384 ============================================================
17:43:43.0752 2384 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:43:43.0768 2384 Drive \Device\Harddisk3\DR8 - Size: 0x1D8200000 (7.38 Gb), SectorSize: 0x200, Cylinders: 0x3C2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:43:43.0768 2384 ============================================================
17:43:43.0768 2384 \Device\Harddisk0\DR0:
17:43:43.0768 2384 MBR partitions:
17:43:43.0768 2384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
17:43:43.0768 2384 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B17, BlocksNum 0x84D0D9D
17:43:43.0768 2384 \Device\Harddisk3\DR8:
17:43:43.0768 2384 MBR partitions:
17:43:43.0768 2384 \Device\Harddisk3\DR8\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEBD142
17:43:43.0768 2384 ============================================================
17:43:43.0799 2384 C: <-> \Device\Harddisk0\DR0\Partition1
17:43:43.0831 2384 D: <-> \Device\Harddisk0\DR0\Partition2
17:43:43.0831 2384 ============================================================
17:43:43.0831 2384 Initialize success
17:43:43.0831 2384 ============================================================
17:44:08.0502 3236 ============================================================
17:44:08.0502 3236 Scan started
17:44:08.0502 3236 Mode: Manual;
17:44:08.0502 3236 ============================================================
17:44:08.0721 3236 ================ Scan system memory ========================
17:44:08.0721 3236 System memory - ok
17:44:08.0721 3236 ================ Scan services =============================
17:44:08.0815 3236 Abiosdsk - ok
17:44:08.0815 3236 abp480n5 - ok
17:44:08.0846 3236 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:44:08.0862 3236 ACPI - ok
17:44:08.0893 3236 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:44:08.0893 3236 ACPIEC - ok
17:44:08.0956 3236 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:44:08.0956 3236 AdobeFlashPlayerUpdateSvc - ok
17:44:08.0971 3236 adpu160m - ok
17:44:09.0002 3236 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:44:09.0002 3236 aec - ok
17:44:09.0034 3236 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:44:09.0034 3236 AFD - ok
17:44:09.0112 3236 [ B894A08F2A01E27C1989C31C96FDDE83 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:44:09.0127 3236 AgereSoftModem - ok
17:44:09.0127 3236 Aha154x - ok
17:44:09.0143 3236 aic78u2 - ok
17:44:09.0143 3236 aic78xx - ok
17:44:09.0252 3236 [ 9A8AA4DF3999BD7C60B90A4E799B1CD0 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:44:09.0268 3236 ALCXWDM - ok
17:44:09.0299 3236 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:44:09.0299 3236 Alerter - ok
17:44:09.0315 3236 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:44:09.0315 3236 ALG - ok
17:44:09.0331 3236 AliIde - ok
17:44:09.0331 3236 amsint - ok
17:44:09.0456 3236 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
17:44:09.0456 3236 AntiVirSchedulerService - ok
17:44:09.0502 3236 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:44:09.0502 3236 AntiVirService - ok
17:44:09.0565 3236 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:44:09.0565 3236 Apple Mobile Device - ok
17:44:09.0596 3236 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:44:09.0612 3236 AppMgmt - ok
17:44:09.0643 3236 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:44:09.0643 3236 Arp1394 - ok
17:44:09.0643 3236 asc - ok
17:44:09.0659 3236 asc3350p - ok
17:44:09.0674 3236 asc3550 - ok
17:44:09.0752 3236 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:44:09.0752 3236 aspnet_state - ok
17:44:09.0799 3236 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:44:09.0799 3236 AsyncMac - ok
17:44:09.0831 3236 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:44:09.0846 3236 atapi - ok
17:44:09.0846 3236 Atdisk - ok
17:44:09.0877 3236 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:44:09.0877 3236 Atmarpc - ok
17:44:09.0909 3236 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:44:09.0909 3236 AudioSrv - ok
17:44:09.0940 3236 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:44:09.0940 3236 audstub - ok
17:44:09.0987 3236 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:44:09.0987 3236 avgio - ok
17:44:10.0002 3236 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:44:10.0002 3236 avgntflt - ok
17:44:10.0034 3236 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:44:10.0049 3236 avipbb - ok
17:44:10.0065 3236 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:44:10.0065 3236 Beep - ok
17:44:10.0112 3236 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:44:10.0112 3236 BITS - ok
17:44:10.0190 3236 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:44:10.0190 3236 Bonjour Service - ok
17:44:10.0221 3236 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:44:10.0221 3236 Browser - ok
17:44:10.0252 3236 catchme - ok
17:44:10.0299 3236 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:44:10.0299 3236 cbidf2k - ok
17:44:10.0315 3236 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:44:10.0315 3236 CCDECODE - ok
17:44:10.0331 3236 cd20xrnt - ok
17:44:10.0377 3236 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:44:10.0377 3236 Cdaudio - ok
17:44:10.0409 3236 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:44:10.0409 3236 Cdfs - ok
17:44:10.0440 3236 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:44:10.0440 3236 Cdrom - ok
17:44:10.0456 3236 Changer - ok
17:44:10.0487 3236 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:44:10.0487 3236 CiSvc - ok
17:44:10.0518 3236 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:44:10.0518 3236 ClipSrv - ok
17:44:10.0549 3236 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:44:10.0549 3236 clr_optimization_v2.0.50727_32 - ok
17:44:10.0565 3236 CmdIde - ok
17:44:10.0581 3236 COMSysApp - ok
17:44:10.0596 3236 Cpqarray - ok
17:44:10.0643 3236 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:44:10.0643 3236 CryptSvc - ok
17:44:10.0643 3236 dac2w2k - ok
17:44:10.0659 3236 dac960nt - ok
17:44:10.0706 3236 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:44:10.0706 3236 DcomLaunch - ok
17:44:10.0752 3236 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:44:10.0752 3236 Dhcp - ok
17:44:10.0784 3236 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:44:10.0784 3236 Disk - ok
17:44:10.0799 3236 dmadmin - ok
17:44:10.0862 3236 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:44:10.0862 3236 dmboot - ok
17:44:10.0893 3236 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:44:10.0893 3236 dmio - ok
17:44:10.0924 3236 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:44:10.0924 3236 dmload - ok
17:44:10.0956 3236 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:44:10.0956 3236 dmserver - ok
17:44:10.0971 3236 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:44:10.0971 3236 DMusic - ok
17:44:11.0002 3236 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:44:11.0002 3236 Dnscache - ok
17:44:11.0034 3236 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:44:11.0049 3236 Dot3svc - ok
17:44:11.0049 3236 dpti2o - ok
17:44:11.0081 3236 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:44:11.0081 3236 drmkaud - ok
17:44:11.0112 3236 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:44:11.0112 3236 EapHost - ok
17:44:11.0143 3236 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:44:11.0143 3236 ERSvc - ok
17:44:11.0174 3236 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:44:11.0174 3236 Eventlog - ok
17:44:11.0221 3236 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll
17:44:11.0221 3236 EventSystem - ok
17:44:11.0252 3236 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:44:11.0252 3236 Fastfat - ok
17:44:11.0284 3236 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:44:11.0284 3236 FastUserSwitchingCompatibility - ok
17:44:11.0315 3236 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:44:11.0315 3236 Fdc - ok
17:44:11.0362 3236 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:44:11.0362 3236 Fips - ok
17:44:11.0362 3236 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:44:11.0362 3236 Flpydisk - ok
17:44:11.0409 3236 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:44:11.0409 3236 FltMgr - ok
17:44:11.0487 3236 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:44:11.0487 3236 FontCache3.0.0.0 - ok
17:44:11.0502 3236 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:44:11.0502 3236 Fs_Rec - ok
17:44:11.0534 3236 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:44:11.0534 3236 Ftdisk - ok
17:44:11.0565 3236 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:44:11.0565 3236 GEARAspiWDM - ok
17:44:11.0565 3236 GMSIPCI - ok
17:44:11.0612 3236 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:44:11.0612 3236 Gpc - ok
17:44:11.0674 3236 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
17:44:11.0674 3236 gupdate - ok
17:44:11.0706 3236 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
17:44:11.0706 3236 gupdatem - ok
17:44:11.0752 3236 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:44:11.0752 3236 helpsvc - ok
17:44:11.0799 3236 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:44:11.0799 3236 HidServ - ok
17:44:11.0831 3236 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:44:11.0831 3236 HidUsb - ok
17:44:11.0862 3236 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:44:11.0862 3236 hkmsvc - ok
17:44:11.0940 3236 [ 16959F84844DC9B2CEF0D5B1A412370F ] HP LaserJet Service C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe
17:44:11.0940 3236 HP LaserJet Service - ok
17:44:12.0002 3236 [ 58176988FBA04153D35D7EB92825A14F ] HP Port Resolver C:\WINDOWS\system32\hpbpro.exe
17:44:12.0002 3236 HP Port Resolver - ok
17:44:12.0018 3236 [ B00044476F6D091922DA76A086ECC15B ] HP Status Server C:\WINDOWS\system32\hpboid.exe
17:44:12.0018 3236 HP Status Server - ok
17:44:12.0018 3236 hpn - ok
17:44:12.0065 3236 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:44:12.0065 3236 HTTP - ok
17:44:12.0096 3236 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:44:12.0096 3236 HTTPFilter - ok
17:44:12.0112 3236 i2omgmt - ok
17:44:12.0112 3236 i2omp - ok
17:44:12.0143 3236 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:44:12.0143 3236 i8042prt - ok
17:44:12.0206 3236 [ 1432958DC80B7BBACF07377763D70E91 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:44:12.0221 3236 ialm - ok
17:44:12.0268 3236 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:44:12.0268 3236 IDriverT - ok
17:44:12.0331 3236 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:44:12.0346 3236 idsvc - ok
17:44:12.0377 3236 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:44:12.0377 3236 Imapi - ok
17:44:12.0409 3236 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:44:12.0409 3236 ImapiService - ok
17:44:12.0424 3236 ini910u - ok
17:44:12.0440 3236 IntelIde - ok
17:44:12.0471 3236 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:44:12.0471 3236 intelppm - ok
17:44:12.0502 3236 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:44:12.0502 3236 ip6fw - ok
17:44:12.0534 3236 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:44:12.0534 3236 IpFilterDriver - ok
17:44:12.0565 3236 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:44:12.0565 3236 IpInIp - ok
17:44:12.0596 3236 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:44:12.0596 3236 IpNat - ok
17:44:12.0674 3236 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
17:44:12.0674 3236 iPod Service - ok
17:44:12.0706 3236 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:44:12.0706 3236 IPSec - ok
17:44:12.0737 3236 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:44:12.0737 3236 IRENUM - ok
17:44:12.0768 3236 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:44:12.0768 3236 isapnp - ok
17:44:12.0784 3236 [ CD8ABFFF1387E0F42CF6C6D7CDC19F0D ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
17:44:12.0784 3236 Iviaspi - ok
17:44:12.0877 3236 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
17:44:12.0893 3236 JavaQuickStarterService - ok
17:44:12.0924 3236 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:44:12.0924 3236 Kbdclass - ok
17:44:12.0956 3236 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:44:12.0956 3236 kbdhid - ok
17:44:13.0002 3236 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:44:13.0002 3236 kmixer - ok
17:44:13.0034 3236 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:44:13.0034 3236 KSecDD - ok
17:44:13.0065 3236 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:44:13.0065 3236 lanmanserver - ok
17:44:13.0096 3236 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:44:13.0096 3236 lanmanworkstation - ok
17:44:13.0112 3236 lbrtfdc - ok
17:44:13.0143 3236 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:44:13.0159 3236 LmHosts - ok
17:44:13.0174 3236 [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
17:44:13.0190 3236 LVPr2Mon - ok
17:44:13.0221 3236 [ 2333057542C91AE8228BDCCC2E5F2632 ] LVPrcSrv C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
17:44:13.0221 3236 LVPrcSrv - ok
17:44:13.0268 3236 [ A1857FBB9B4930EEB2FD92386C45C529 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
17:44:13.0268 3236 LVRS - ok
17:44:13.0424 3236 [ 3703406AF0726BADD24C5E552493E5B1 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
17:44:13.0456 3236 LVUVC - ok
17:44:13.0487 3236 [ AA976B567C3A04EA29A7F3E93920AF59 ] M2500 C:\WINDOWS\system32\DRIVERS\M2500.sys
17:44:13.0502 3236 M2500 - ok
17:44:13.0534 3236 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:44:13.0534 3236 Messenger - ok
17:44:13.0565 3236 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:44:13.0565 3236 mnmdd - ok
17:44:13.0596 3236 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:44:13.0596 3236 mnmsrvc - ok
17:44:13.0612 3236 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:44:13.0612 3236 Modem - ok
17:44:13.0659 3236 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:44:13.0659 3236 Mouclass - ok
17:44:13.0690 3236 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:44:13.0690 3236 mouhid - ok
17:44:13.0706 3236 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:44:13.0706 3236 MountMgr - ok
17:44:13.0721 3236 mraid35x - ok
17:44:13.0752 3236 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:44:13.0752 3236 MRxDAV - ok
17:44:13.0799 3236 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:44:13.0799 3236 MRxSmb - ok
17:44:13.0831 3236 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:44:13.0846 3236 MSDTC - ok
17:44:13.0877 3236 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:44:13.0877 3236 Msfs - ok
17:44:13.0893 3236 MSIServer - ok
17:44:13.0940 3236 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:44:13.0940 3236 MSKSSRV - ok
17:44:13.0956 3236 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:44:13.0956 3236 MSPCLOCK - ok
17:44:13.0987 3236 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:44:13.0987 3236 MSPQM - ok
17:44:14.0018 3236 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:44:14.0018 3236 mssmbios - ok
17:44:14.0034 3236 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:44:14.0034 3236 MSTEE - ok
17:44:14.0065 3236 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:44:14.0065 3236 Mup - ok
17:44:14.0112 3236 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:44:14.0112 3236 NABTSFEC - ok
17:44:14.0159 3236 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:44:14.0159 3236 napagent - ok
17:44:14.0174 3236 NAVAP - ok
17:44:14.0206 3236 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:44:14.0206 3236 NDIS - ok
17:44:14.0237 3236 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:44:14.0237 3236 NdisIP - ok
17:44:14.0268 3236 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:44:14.0268 3236 NdisTapi - ok
17:44:14.0299 3236 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:44:14.0299 3236 Ndisuio - ok
17:44:14.0315 3236 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:44:14.0315 3236 NdisWan - ok
17:44:14.0346 3236 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:44:14.0346 3236 NDProxy - ok
17:44:14.0377 3236 [ 80B7A96F908DA13617E7E6832C5C6A64 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
17:44:14.0393 3236 Net Driver HPZ12 - ok
17:44:14.0424 3236 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:44:14.0424 3236 NetBIOS - ok
17:44:14.0440 3236 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:44:14.0456 3236 NetBT - ok
17:44:14.0471 3236 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:44:14.0471 3236 NetDDE - ok
17:44:14.0487 3236 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:44:14.0487 3236 NetDDEdsdm - ok
17:44:14.0518 3236 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:44:14.0518 3236 Netlogon - ok
17:44:14.0549 3236 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:44:14.0565 3236 Netman - ok
17:44:14.0596 3236 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:44:14.0596 3236 NetTcpPortSharing - ok
17:44:14.0612 3236 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:44:14.0627 3236 NIC1394 - ok
17:44:14.0659 3236 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:44:14.0659 3236 Nla - ok
17:44:14.0690 3236 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:44:14.0690 3236 Npfs - ok
17:44:14.0721 3236 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:44:14.0721 3236 Ntfs - ok
17:44:14.0752 3236 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:44:14.0752 3236 NtLmSsp - ok
17:44:14.0799 3236 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:44:14.0799 3236 NtmsSvc - ok
17:44:14.0831 3236 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:44:14.0831 3236 Null - ok
17:44:14.0862 3236 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:44:14.0862 3236 NwlnkFlt - ok
17:44:14.0877 3236 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:44:14.0877 3236 NwlnkFwd - ok
17:44:14.0877 3236 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:44:14.0893 3236 ohci1394 - ok
17:44:14.0924 3236 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:44:14.0924 3236 ose - ok
17:44:14.0956 3236 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:44:14.0956 3236 Parport - ok
17:44:14.0987 3236 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:44:14.0987 3236 PartMgr - ok
17:44:15.0018 3236 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:44:15.0018 3236 ParVdm - ok
17:44:15.0018 3236 PCANDIS5 - ok
17:44:15.0034 3236 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:44:15.0034 3236 PCI - ok
17:44:15.0049 3236 PCIDump - ok
17:44:15.0065 3236 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:44:15.0065 3236 PCIIde - ok
17:44:15.0096 3236 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:44:15.0096 3236 Pcmcia - ok
17:44:15.0096 3236 PDCOMP - ok
17:44:15.0112 3236 PDFRAME - ok
17:44:15.0127 3236 PDRELI - ok
17:44:15.0127 3236 PDRFRAME - ok
17:44:15.0143 3236 perc2 - ok
17:44:15.0174 3236 perc2hib - ok
17:44:15.0221 3236 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
17:44:15.0221 3236 PlugPlay - ok
17:44:15.0252 3236 [ 0C155C5D8942B3CBCF9506A9D376B9AD ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
17:44:15.0268 3236 Pml Driver HPZ12 - ok
17:44:15.0284 3236 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:44:15.0284 3236 PolicyAgent - ok
17:44:15.0315 3236 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:44:15.0315 3236 PptpMiniport - ok
17:44:15.0346 3236 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:44:15.0346 3236 Processor - ok
17:44:15.0346 3236 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:44:15.0346 3236 ProtectedStorage - ok
17:44:15.0393 3236 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:44:15.0393 3236 PSched - ok
17:44:15.0393 3236 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:44:15.0393 3236 Ptilink - ok
17:44:15.0409 3236 ql1080 - ok
17:44:15.0424 3236 Ql10wnt - ok
17:44:15.0424 3236 ql12160 - ok
17:44:15.0440 3236 ql1240 - ok
17:44:15.0456 3236 ql1280 - ok
17:44:15.0456 3236 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:44:15.0456 3236 RasAcd - ok
17:44:15.0487 3236 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:44:15.0487 3236 RasAuto - ok
17:44:15.0518 3236 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:44:15.0518 3236 Rasl2tp - ok
17:44:15.0565 3236 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:44:15.0565 3236 RasMan - ok
17:44:15.0581 3236 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:44:15.0596 3236 RasPppoe - ok
17:44:15.0612 3236 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:44:15.0612 3236 Raspti - ok
17:44:15.0643 3236 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:44:15.0659 3236 Rdbss - ok
17:44:15.0674 3236 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:44:15.0674 3236 RDPCDD - ok
17:44:15.0706 3236 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:44:15.0706 3236 rdpdr - ok
17:44:15.0752 3236 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:44:15.0752 3236 RDPWD - ok
17:44:15.0784 3236 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:44:15.0799 3236 RDSessMgr - ok
17:44:15.0831 3236 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:44:15.0831 3236 redbook - ok
17:44:15.0862 3236 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:44:15.0862 3236 RemoteAccess - ok
17:44:15.0893 3236 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:44:15.0893 3236 RemoteRegistry - ok
17:44:15.0909 3236 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe
17:44:15.0909 3236 RpcLocator - ok
17:44:15.0956 3236 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:44:15.0956 3236 RpcSs - ok
17:44:16.0002 3236 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:44:16.0002 3236 RSVP - ok
17:44:16.0034 3236 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:44:16.0034 3236 rtl8139 - ok
17:44:16.0065 3236 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
17:44:16.0065 3236 SamSs - ok
17:44:16.0065 3236 SASDIFSV - ok
17:44:16.0081 3236 SASKUTIL - ok
17:44:16.0112 3236 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:44:16.0112 3236 SCardSvr - ok
17:44:16.0159 3236 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:44:16.0159 3236 Schedule - ok
17:44:16.0206 3236 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:44:16.0206 3236 Secdrv - ok
17:44:16.0237 3236 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
17:44:16.0237 3236 seclogon - ok
17:44:16.0252 3236 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
17:44:16.0252 3236 SENS - ok
17:44:16.0284 3236 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:44:16.0284 3236 serenum - ok
17:44:16.0315 3236 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:44:16.0315 3236 Serial - ok
17:44:16.0362 3236 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:44:16.0362 3236 Sfloppy - ok
17:44:16.0424 3236 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:44:16.0424 3236 SharedAccess - ok
17:44:16.0549 3236 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:44:16.0565 3236 ShellHWDetection - ok
17:44:16.0565 3236 Simbad - ok
17:44:16.0612 3236 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
17:44:16.0612 3236 SkypeUpdate - ok
17:44:16.0643 3236 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:44:16.0643 3236 SLIP - ok
17:44:16.0659 3236 Sparrow - ok
17:44:16.0706 3236 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:44:16.0706 3236 splitter - ok
17:44:16.0737 3236 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:44:16.0737 3236 Spooler - ok
17:44:16.0768 3236 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:44:16.0768 3236 sr - ok
17:44:16.0799 3236 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
17:44:16.0815 3236 srservice - ok
17:44:16.0846 3236 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:44:16.0862 3236 Srv - ok
17:44:16.0877 3236 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:44:16.0877 3236 SSDPSRV - ok
17:44:16.0924 3236 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:44:16.0924 3236 ssmdrv - ok
17:44:16.0956 3236 [ BD15182E9D2D3FABC1D1313BADBD2415 ] ss_bus C:\WINDOWS\system32\DRIVERS\ss_bus.sys
17:44:16.0956 3236 ss_bus - ok
17:44:16.0971 3236 [ 67D1144F249A3C5E03EBD7A2304DEE11 ] ss_mdfl C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
17:44:16.0971 3236 ss_mdfl - ok
17:44:17.0002 3236 [ 954B7CE2D54C703D6A8471D6B05A5E13 ] ss_mdm C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
17:44:17.0002 3236 ss_mdm - ok
17:44:17.0034 3236 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
17:44:17.0034 3236 StarOpen - ok
17:44:17.0081 3236 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:44:17.0081 3236 stisvc - ok
17:44:17.0112 3236 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:44:17.0112 3236 streamip - ok
17:44:17.0143 3236 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:44:17.0143 3236 swenum - ok
17:44:17.0174 3236 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:44:17.0174 3236 swmidi - ok
17:44:17.0190 3236 SwPrv - ok
17:44:17.0206 3236 symc810 - ok
17:44:17.0221 3236 symc8xx - ok
17:44:17.0221 3236 sym_hi - ok
17:44:17.0237 3236 sym_u3 - ok
17:44:17.0252 3236 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:44:17.0252 3236 sysaudio - ok
17:44:17.0284 3236 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:44:17.0299 3236 SysmonLog - ok
17:44:17.0331 3236 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:44:17.0331 3236 TapiSrv - ok
17:44:17.0377 3236 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:44:17.0377 3236 Tcpip - ok
17:44:17.0409 3236 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:44:17.0409 3236 TDPIPE - ok
17:44:17.0424 3236 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:44:17.0424 3236 TDTCP - ok
17:44:17.0456 3236 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:44:17.0456 3236 TermDD - ok
17:44:17.0502 3236 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
17:44:17.0502 3236 TermService - ok
17:44:17.0534 3236 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:44:17.0534 3236 Themes - ok
17:44:17.0565 3236 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:44:17.0565 3236 TlntSvr - ok
17:44:17.0612 3236 [ FBD16717FD68B206C4CE3BB3C9EE5CB3 ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
17:44:17.0612 3236 TomTomHOMEService - ok
17:44:17.0627 3236 TosIde - ok
17:44:17.0674 3236 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:44:17.0674 3236 TrkWks - ok
17:44:17.0721 3236 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:44:17.0721 3236 Udfs - ok
17:44:17.0721 3236 ultra - ok
17:44:17.0768 3236 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:44:17.0784 3236 Update - ok
17:44:17.0799 3236 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:44:17.0799 3236 upnphost - ok
17:44:17.0831 3236 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
17:44:17.0846 3236 UPS - ok
17:44:17.0862 3236 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:44:17.0862 3236 USBAAPL - ok
17:44:17.0893 3236 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:44:17.0893 3236 usbaudio - ok
17:44:17.0940 3236 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:44:17.0940 3236 usbccgp - ok
17:44:17.0971 3236 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:44:17.0971 3236 usbehci - ok
17:44:18.0002 3236 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:44:18.0002 3236 usbhub - ok
17:44:18.0049 3236 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:44:18.0049 3236 usbscan - ok
17:44:18.0081 3236 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:44:18.0081 3236 usbstor - ok
17:44:18.0096 3236 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:44:18.0096 3236 usbuhci - ok
17:44:18.0127 3236 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
17:44:18.0127 3236 usbvideo - ok
17:44:18.0159 3236 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:44:18.0159 3236 VgaSave - ok
17:44:18.0159 3236 ViaIde - ok
17:44:18.0190 3236 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:44:18.0190 3236 VolSnap - ok
17:44:18.0237 3236 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
17:44:18.0237 3236 VSS - ok
17:44:18.0284 3236 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
17:44:18.0284 3236 W32Time - ok
17:44:18.0315 3236 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:44:18.0315 3236 Wanarp - ok
17:44:18.0331 3236 WDICA - ok
17:44:18.0362 3236 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:44:18.0362 3236 wdmaud - ok
17:44:18.0393 3236 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:44:18.0393 3236 WebClient - ok
17:44:18.0456 3236 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:44:18.0471 3236 winmgmt - ok
17:44:18.0502 3236 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:44:18.0518 3236 WmdmPmSN - ok
17:44:18.0565 3236 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:44:18.0581 3236 Wmi - ok
17:44:18.0627 3236 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:44:18.0627 3236 WmiApSrv - ok
17:44:18.0643 3236 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:44:18.0659 3236 WS2IFSL - ok
17:44:18.0690 3236 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:44:18.0690 3236 wscsvc - ok
17:44:18.0721 3236 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:44:18.0721 3236 WSTCODEC - ok
17:44:18.0752 3236 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:44:18.0752 3236 wuauserv - ok
17:44:18.0799 3236 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:44:18.0815 3236 WZCSVC - ok
17:44:18.0846 3236 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:44:18.0846 3236 xmlprov - ok
17:44:18.0877 3236 ================ Scan global ===============================
17:44:18.0909 3236 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:44:18.0940 3236 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
17:44:18.0971 3236 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
17:44:18.0987 3236 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:44:18.0987 3236 [Global] - ok
17:44:18.0987 3236 ================ Scan MBR ==================================
17:44:19.0018 3236 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:44:19.0190 3236 \Device\Harddisk0\DR0 - ok
17:44:19.0190 3236 [ 6EF3B35686BE2662BD1FA10B31BE15BD ] \Device\Harddisk3\DR8
17:44:19.0206 3236 \Device\Harddisk3\DR8 - ok
17:44:19.0206 3236 ================ Scan VBR ==================================
17:44:19.0221 3236 [ 6C5F5EB0573A1D55124F9E8EBBEBA584 ] \Device\Harddisk0\DR0\Partition1
17:44:19.0221 3236 \Device\Harddisk0\DR0\Partition1 - ok
17:44:19.0252 3236 [ 4C76700E90D6F9B5D9B68409C81D4BA1 ] \Device\Harddisk0\DR0\Partition2
17:44:19.0252 3236 \Device\Harddisk0\DR0\Partition2 - ok
17:44:19.0252 3236 [ 6DAED0B0DCA3F1975EB914FE396127AB ] \Device\Harddisk3\DR8\Partition1
17:44:19.0252 3236 \Device\Harddisk3\DR8\Partition1 - ok
17:44:19.0252 3236 ============================================================
17:44:19.0252 3236 Scan finished
17:44:19.0252 3236 ============================================================
17:44:19.0268 3184 Detected object count: 0
17:44:19.0268 3184 Actual detected object count: 0
17:44:26.0643 1396 Deinitialize success

markusg · 08.08.2013, 17:30

Hi, prüfe mal, falls noch verwendet, ob es jetzt probleme mit deinem
HP LaserJet gibt.
2. TDSS Killer nach Anleitung konfigurieren und noch mal ausführen.

05.08.2013, 17:36	#20
markusg /// Malware-holic	GVU-Trojaner: Ich kann noch nicht mal von CD/USB starten geht der normale Modus __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

GVU-Trojaner: Ich kann noch nicht mal von CD/USB starten

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner: Ich kann noch nicht mal von CD/USB starten