Habe gerade versucht, im abgesicherten Modus und im abgesicherten Modus mit Eingabeaufforderung zu starten, PC stürzt aber immer noch dabei mit Bluescreen ab.

Gibt es vielleicht eine Möglichkeit, unter REATO-GO einen Windows-Emulator zu installieren und MBAM aus dieser Umgebung heraus zu installieren und laufen zu lassen?

Hm, komisch - erstell mal bitte ein neues Logfile mit OTLPE:

Erneuter Systemscan mit OTLPE

• Boote den infizierten Rechner von der OTLPE-CD (evtl. Reihenfolge im BIOS umstellen).
• Dein System sollte nun einen REATOGO-X-PE Desktop anzeigen.
• Starte OTLPE mit einem Doppelklick auf das OTLPE Icon.
• "Do you wish to load the remote registry" und "Do you wish to load remote user profile(s) for scanning" mit Yes beantworten.
• Entsichere die Box "Automatically Load All Remaining Users" wenn sie gewählt ist und drücke OK.
• Im Block "Drivers" Use SafeList auswählen und dann mit Run Scan den Scan starten.
• Nach dem Scan wird ein Logfile erstellt (C:\OTL.txt)
• Kopiere dieses auf einen USB-Stick und poste es hier.

Sollte es wieder so lang werden, kannst Du die Datei bei www.file-upload.de hochladen und hier verlinken.

Hier ist das neue OTLPE-Logfile für User Administrator:

OTL logfile created on: 4/8/2010 2:29:38 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148.80 Gb Total Space | 31.36 Gb Free Space | 21.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2009/07/26 01:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/12/10 20:03:15 | 000,417,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/06/18 08:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_WatchDog)
SRV - [2008/06/18 08:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2007/04/03 11:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/12/14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/11/13 07:23:40 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006/11/13 07:23:26 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006/11/13 07:23:16 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2006/11/13 06:39:22 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006/10/09 03:00:00 | 000,323,584 | ---- | M] (AT&T) [Auto] -- C:\Programme\AT&T Global Network Client\NetCfgSv.EXE -- (NetCfgSvr)
SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Adapter | Unavailable] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/01/30 04:12:00 | 006,250,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/10 19:50:39 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/06/18 08:46:58 | 000,047,504 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2008/06/18 08:46:56 | 002,235,760 | ---- | M] (Check Point Software Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2008/06/18 08:46:54 | 000,121,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2008/06/18 08:46:52 | 000,673,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2007/11/24 15:21:06 | 000,278,984 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/11/24 15:21:06 | 000,025,416 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/11/05 09:54:54 | 000,046,448 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2007/04/03 11:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 08:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 09:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/13 07:24:02 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006/11/13 07:23:54 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006/11/13 07:23:54 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006/11/13 07:23:54 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006/11/13 07:23:52 | 000,102,960 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006/11/13 06:39:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/05/19 04:46:14 | 000,180,864 | ---- | M] (AT&T) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2006/03/02 18:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/18 23:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 09:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/01/17 11:30:58 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HIDSMSC.SYS -- (SMCB000)
DRV - [2006/01/12 11:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 17:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 13:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 05:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/11/08 18:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 18:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 18:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/06 00:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 00:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 00:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 00:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 00:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 00:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 00:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 21:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/09/11 22:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 09:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 07:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 07:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 00:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/11 00:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 09:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2005/01/26 03:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/07 12:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/14 23:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/04/29 12:19:18 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2003/11/18 20:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2003/11/18 20:00:00 | 000,053,120 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2003/09/18 20:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 18:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/04/04 07:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/07/23 17:53:44 | 000,019,872 | ---- | M] (Minolta Co., Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_B.SYS -- (MLPTDR_B)
DRV - [2002/04/09 06:44:22 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 07:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001/01/07 21:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\GerdG_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\GerdG_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/04/04 06:55:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/04/04 06:55:03 | 000,000,000 | ---D | M]

[2009/08/25 03:48:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/03/14 07:08:18 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/14 07:08:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/14 07:08:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/06 12:08:31 | 000,001,208 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\search.xml
[2010/03/14 07:08:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/14 07:08:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/04/08 11:44:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\GerdG_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\GerdG_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Programme\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\GerdG_ON_C..\Run: [BrowserChoice] C:\WINDOWS\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\GerdG_ON_C..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\GerdG_ON_C..\Run: [NetSP - restore settings on power failure] C:\Programme\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKU\GerdG_ON_C..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\GerdG_ON_C..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\GerdG\Startmenü\Programme\Autostart\Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\GerdG_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\GerdG_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://myoffice.eu.goodyear.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://vpn.uniorg.de/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\GerdG_ON_C Winlogon: Shell - ("C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ec69010\SGec69.exe") - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ec69010\SGec69.exe (Security Wall Inc.)
O20 - HKU\GerdG_ON_C Winlogon: Shell - (/s /d) - File not found
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/17 08:02:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 11:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/02 06:00:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/10 13:30:39 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2008/01/10 10:51:24 | 003,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2008/01/10 10:51:24 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2008/01/10 10:51:23 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2008/01/10 10:51:22 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 12:24:41 | 003,670,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\GerdG\NTUSER.DAT
[2010/04/08 12:24:41 | 001,048,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010/04/08 11:44:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/08 07:15:06 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2010/04/08 07:15:06 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2010/04/08 07:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 07:15:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 06:33:11 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 06:30:20 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 13:45:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\GerdG\ntuser.ini
[2010/04/07 13:24:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/06 17:24:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 04:32:43 | 001,077,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 04:32:43 | 000,462,024 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/04/05 04:32:43 | 000,444,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/05 04:32:43 | 000,085,886 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/04/05 04:32:43 | 000,072,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/03 10:44:10 | 000,197,354 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/03 10:43:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 14:47:59 | 000,014,620 | ---- | M] () -- C:\Dokumente und Einstellungen\GerdG\Eigene Dateien\Bücher_220310.ods
[2010/03/31 07:29:39 | 000,000,432 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010/03/10 18:27:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 00:56:42 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/10 00:56:33 | 001,024,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 10:16:57 | 000,014,620 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Eigene Dateien\Bücher_220310.ods
[2009/12/07 06:23:57 | 000,000,000 | ---- | C] () -- C:\Programme\error.dat
[2009/03/18 12:37:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/03/18 12:37:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/01/18 14:52:52 | 000,000,207 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/01/18 14:52:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/01/18 14:52:45 | 000,000,432 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/01/18 14:52:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/18 14:52:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/01/18 14:51:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/01/18 14:45:07 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/09 10:03:32 | 001,605,632 | ---- | C] () -- C:\WINDOWS\System32\MSTMON_B.DLL
[2008/11/09 10:03:32 | 000,026,457 | R--- | C] () -- C:\WINDOWS\MSTMON_B.INI
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/18 08:47:02 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/01/16 06:39:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/13 05:39:07 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/01/10 10:57:52 | 000,003,231 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2008/01/10 10:51:23 | 001,124,864 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2008/01/10 10:51:22 | 001,129,984 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2008/01/10 10:46:52 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2008/01/10 10:46:52 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2008/01/10 10:46:51 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2008/01/10 10:46:51 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2008/01/10 10:46:51 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2008/01/10 10:46:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/11/24 15:21:06 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/11/24 15:21:06 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/01 06:35:38 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2007/08/01 06:35:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2007/08/01 06:30:21 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2007/08/01 06:30:20 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2007/06/27 12:51:41 | 000,000,342 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\wklnhst.dat
[2007/04/17 15:12:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/04/03 11:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 11:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/05 04:56:48 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2006/11/23 13:30:53 | 000,174,592 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/18 07:12:21 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/22 05:12:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/22 04:56:06 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/03/22 04:25:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/22 03:05:11 | 000,012,402 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/22 03:05:11 | 000,002,182 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/22 02:55:00 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/22 02:49:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/22 02:49:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/22 02:49:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/22 02:49:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/22 02:49:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/22 02:49:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/22 02:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/21 17:06:56 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/21 17:06:55 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/21 17:06:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/21 17:06:53 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/21 17:06:53 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/21 11:04:04 | 000,009,362 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/21 11:04:04 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/21 11:04:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/21 11:04:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/17 08:09:59 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/17 07:46:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/03/17 07:46:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 13:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 14:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 09:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 09:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 16:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 12:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 09:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/07/23 17:52:22 | 000,019,124 | ---- | C] () -- C:\WINDOWS\MSUMLT_B.INI
[2002/03/04 05:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2006/09/06 13:00:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2006/09/06 12:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\toshiba
[2009/03/06 13:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\Cisco
[2009/03/20 04:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\FRITZ!
[2010/01/14 04:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\ICAClient
[2006/11/23 13:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\InterVideo
[2008/01/13 05:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\MAGIX
[2009/01/03 12:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\OpenOffice.org
[2009/05/01 18:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\Orbit
[2009/07/21 02:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\TeamViewer
[2008/11/09 10:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\Template
[2008/11/06 13:37:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\toshiba

========== Purity Check ==========


< End of report >

Und hier das neue OTLPE-Logfile für den User GerdG:

OTL logfile created on: 4/8/2010 2:36:04 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148.80 Gb Total Space | 31.36 Gb Free Space | 21.07% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.73 Gb Free Space | 91.88% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2009/07/26 01:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/12/10 20:03:15 | 000,417,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/06/18 08:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_WatchDog)
SRV - [2008/06/18 08:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2007/04/03 11:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/12/14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/11/13 07:23:40 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2006/11/13 07:23:26 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006/11/13 07:23:16 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2006/11/13 06:39:22 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2006/10/09 03:00:00 | 000,323,584 | ---- | M] (AT&T) [Auto] -- C:\Programme\AT&T Global Network Client\NetCfgSv.EXE -- (NetCfgSvr)
SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Adapter | Unavailable] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/01/30 04:12:00 | 006,250,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/10 19:50:39 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/06/18 08:46:58 | 000,047,504 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2008/06/18 08:46:56 | 002,235,760 | ---- | M] (Check Point Software Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2008/06/18 08:46:54 | 000,121,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2008/06/18 08:46:52 | 000,673,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2007/11/24 15:21:06 | 000,278,984 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/11/24 15:21:06 | 000,025,416 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/11/05 09:54:54 | 000,046,448 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2007/04/03 11:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 08:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 09:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/13 07:24:02 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2006/11/13 07:23:54 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2006/11/13 07:23:54 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2006/11/13 07:23:54 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006/11/13 07:23:52 | 000,102,960 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2006/11/13 06:39:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/05/19 04:46:14 | 000,180,864 | ---- | M] (AT&T) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2006/03/02 18:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/18 23:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 09:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/01/17 11:30:58 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HIDSMSC.SYS -- (SMCB000)
DRV - [2006/01/12 11:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 17:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 13:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 05:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/11/08 18:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 18:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 18:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/06 00:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 00:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 00:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 00:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 00:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 00:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 00:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 21:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/09/11 22:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 09:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 07:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 07:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 00:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/11 00:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 09:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2005/01/26 03:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/07 12:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/14 23:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/04/29 12:19:18 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2003/11/18 20:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2003/11/18 20:00:00 | 000,053,120 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2003/09/18 20:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 18:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/04/04 07:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/07/23 17:53:44 | 000,019,872 | ---- | M] (Minolta Co., Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_B.SYS -- (MLPTDR_B)
DRV - [2002/04/09 06:44:22 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 07:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001/01/07 21:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\GerdG_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\GerdG_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/04/04 06:55:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/04/04 06:55:03 | 000,000,000 | ---D | M]

[2009/08/25 03:48:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/03/14 07:08:18 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/14 07:08:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/14 07:08:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/06 12:08:31 | 000,001,208 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\search.xml
[2010/03/14 07:08:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/14 07:08:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/04/08 11:44:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\GerdG_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\GerdG_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Programme\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\GerdG_ON_C..\Run: [BrowserChoice] C:\WINDOWS\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\GerdG_ON_C..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\GerdG_ON_C..\Run: [NetSP - restore settings on power failure] C:\Programme\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKU\GerdG_ON_C..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\GerdG_ON_C..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\GerdG\Startmenü\Programme\Autostart\Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\GerdG_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\GerdG_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://myoffice.eu.goodyear.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://vpn.uniorg.de/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\GerdG_ON_C Winlogon: Shell - ("C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ec69010\SGec69.exe") - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ec69010\SGec69.exe (Security Wall Inc.)
O20 - HKU\GerdG_ON_C Winlogon: Shell - (/s /d) - File not found
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/17 08:02:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 11:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/02 06:00:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/10 13:30:39 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2008/01/10 10:51:24 | 003,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2008/01/10 10:51:24 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2008/01/10 10:51:23 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2008/01/10 10:51:22 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 12:24:41 | 003,670,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\GerdG\NTUSER.DAT
[2010/04/08 12:24:41 | 001,048,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010/04/08 11:44:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/08 07:15:06 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2010/04/08 07:15:06 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2010/04/08 07:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 07:15:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 06:33:11 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 06:30:20 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 13:45:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\GerdG\ntuser.ini
[2010/04/07 13:24:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/06 17:24:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 04:32:43 | 001,077,916 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 04:32:43 | 000,462,024 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/04/05 04:32:43 | 000,444,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/05 04:32:43 | 000,085,886 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/04/05 04:32:43 | 000,072,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/03 10:44:10 | 000,197,354 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/03 10:43:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 14:47:59 | 000,014,620 | ---- | M] () -- C:\Dokumente und Einstellungen\GerdG\Eigene Dateien\Bücher_220310.ods
[2010/03/31 07:29:39 | 000,000,432 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010/03/10 18:27:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 00:56:42 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/10 00:56:33 | 001,024,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 10:16:57 | 000,014,620 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Eigene Dateien\Bücher_220310.ods
[2009/12/07 06:23:57 | 000,000,000 | ---- | C] () -- C:\Programme\error.dat
[2009/03/18 12:37:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/03/18 12:37:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/01/18 14:52:52 | 000,000,207 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/01/18 14:52:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/01/18 14:52:45 | 000,000,432 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/01/18 14:52:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/18 14:52:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/01/18 14:51:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/01/18 14:45:07 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/09 10:03:32 | 001,605,632 | ---- | C] () -- C:\WINDOWS\System32\MSTMON_B.DLL
[2008/11/09 10:03:32 | 000,026,457 | R--- | C] () -- C:\WINDOWS\MSTMON_B.INI
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/18 08:47:02 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/01/16 06:39:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/13 05:39:07 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/01/10 10:57:52 | 000,003,231 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2008/01/10 10:51:23 | 001,124,864 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2008/01/10 10:51:22 | 001,129,984 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2008/01/10 10:46:52 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2008/01/10 10:46:52 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2008/01/10 10:46:51 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2008/01/10 10:46:51 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2008/01/10 10:46:51 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2008/01/10 10:46:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/11/24 15:21:06 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/11/24 15:21:06 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/01 06:35:38 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2007/08/01 06:35:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2007/08/01 06:30:21 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2007/08/01 06:30:20 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2007/06/27 12:51:41 | 000,000,342 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\wklnhst.dat
[2007/04/17 15:12:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/04/03 11:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 11:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/05 04:56:48 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2006/11/23 13:30:53 | 000,174,592 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/18 07:12:21 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\GerdG\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/22 05:12:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/22 04:56:06 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/03/22 04:25:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/22 03:05:11 | 000,012,402 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/22 03:05:11 | 000,002,182 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/22 02:55:00 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/22 02:49:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/22 02:49:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/22 02:49:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/22 02:49:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/22 02:49:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/22 02:49:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/22 02:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/21 17:06:56 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/21 17:06:55 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/21 17:06:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/21 17:06:53 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/21 17:06:53 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/21 11:04:04 | 000,009,362 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/21 11:04:04 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/21 11:04:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/21 11:04:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/17 08:09:59 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/17 07:46:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/03/17 07:46:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 13:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 14:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 09:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 09:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 16:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 12:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 09:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/07/23 17:52:22 | 000,019,124 | ---- | C] () -- C:\WINDOWS\MSUMLT_B.INI
[2002/03/04 05:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2006/09/06 13:00:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2006/09/06 12:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\toshiba
[2009/03/06 13:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\Cisco
[2009/03/20 04:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\FRITZ!
[2010/01/14 04:42:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\ICAClient
[2006/11/23 13:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\InterVideo
[2008/01/13 05:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\MAGIX
[2009/01/03 12:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\OpenOffice.org
[2009/05/01 18:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\Orbit
[2009/07/21 02:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\TeamViewer
[2008/11/09 10:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\Template
[2008/11/06 13:37:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GerdG\Anwendungsdaten\toshiba

========== Purity Check ==========


< End of report >

Hallo,

lass mal bitte die c:\windows\system32\svchost.exe auswerten:

• Doppelklicke in der PE-Umgebung auf "My Computer", oben links.
• Navigiere nach Local Disk (C) -> WINDOWS -> system32
• Kopiere dann die svchost.exe auf den USB-Stick.
• Lade sie dann von Deinem anderen PC auf www.virustotal.com hoch und lasse sie auf Viren prüfen.
• Poste bitte den Ergebnislink.
• Achte darauf, dass Du nicht auf die svchost.exe doppelklickst. Dies könnte eine Infizierung Deines sauberen PCs herbeiführen.

Hier ist der Ergebnislink:

Virustotal. MD5: 65a819b121eb6fdab4400ea42bdffe64

Die 'svchost.exe' scheint ok zu sein.

Das ist kein Ergebnislink, nur die Prüfsumme

Stand oben drüber: "Die Datei wurde bereits analysiert:" ?

Dann bitte noch mal analysieren lassen, und auf "Analysiere die Datei" gehen.

Ja, oben drüber stand: 'Die Datei wurde bereits analysiert'

Wenn ich jetzt auf den Button 'Datei analysieren ' drücke, gibt es eine Fehlermeldung, dass die Datei nicht mehr vorhanden ist.

Du musst die Datei nochmal hochladen und dann auf Datei nochmal analysieren klicken.

Ok, hier ist der neue Link, nachdem ich svchost.exe nochmal hochgeladen habe:

hxxp://www.virustotal.com/de/analisis/1569ba783cec423f6d01f8aded247d60e17b14f7ade34f58c18b882ab7068bf5-1270740466

Sieht für mich (als Laie) immer noch ok aus.

Sry, hab eben Deine PN übersehen. Klappt das mit nem normalen Start jetzt?

Hallo Arne,
leider haben die ganzen Versuche bisher nicht genutzt, bei normalem Start hab ich wieder genau das gleiche Verhalten wie zu Beginn des Threads beschrieben.

Gerd

Probier das mal, Login als Administrator. Mehr kaputtmachen kann man nicht.
Ich hatte einen ähnlichen Fall behandelt > http://www.trojaner-board.de/84575-s...-moeglich.html

Ich hab juwe77 Dateien und Ordner verschieben lassen, aber nicht per Script über OTL. Evtl. findest Du auch noch Dateien die bei Dir drauf sind, sowas wie c:\windows\system32\lowsec bzw. c:\windows\lowsec oder die anderen Dateien, die juwe77 verschieben sollte (betrachte dazu mal den strang von ihm, oben verlinkt)

Durch das Verschieben konnte er den PC wieder normal hochfahren.

Hallo Arne,
ich habe mal nach den folgenden Files gesucht:
C:\WINDOWS\SYSTEM\LOWSEC bzw. C:\WINDOWS\SYSTEM32\LOWSEC ----> nicht vorhanden

Aus dem anderen Thread habe ich mal nach diesen Files gesucht:
C:\WINDOWS\servicelayer.exe ----> nicht gefunden
C:\WINDOWS\System32\y1zufuyfj.dll ----> nicht gefunden
C:\WINDOWS\System32\rqrqom.dll ----> nicht gefunden
C:\WINDOWS\odbnsy.exe ----> nicht gefunden

Ich habe nicht nur in den Windows-Verzeichnissen, sondern auf dem gesamten laufwerk gesucht und habe auch hidden files in die Suche einbezogen.

Das mit der Anmeldung als User 'Administrator' klappt nicht, da er mir den User nicht zum Login anbietet und ich keine Möglichkeit finde, aus dem Windows-Login den vorgegebenen Benutzer abzumelden, um einen anderen Benutzer anzumelden.