Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Weißer Bildschirm -Warte Sie Verbindung wird hergestellt (https://www.trojaner-board.de/113496-weisser-bildschirm-warte-verbindung-hergestellt.html)

Needshelp110 11.04.2012 22:30
Weißer Bildschirm -Warte Sie Verbindung wird hergestellt
 
Hallo zusammen!

Habe seit kurzem das Problem wenn ich meinen Rechner hochfahren will, erscheint ein weißer Bildschirm "Warten Sie während die Verbindung hergestellt wird". Das ganze steht auch noch einmal in Englisch da.
Wollte den Rechner auch über den Abgesicherten Modus starten, hatte aber den selben Effekt. --> weißer Bildschirm

Habe mich dann hier eingelesen und über die CD(REATOGO-X-PE) gebootet.
Danach habe ich mit OTLPE das LOG file erstellt.
Ich hoffe das war bis jetzt der richtige Weg!


Code:
OTL logfile created on: 4/12/2012 1:46:22 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 273.39 Gb Total Space | 248.17 Gb Free Space | 90.77% Space Free | Partition Type: NTFS
Drive I: | 6.06 Gb Total Space | 0.59 Gb Free Space | 9.81% Space Free | Partition Type: FAT32
Drive J: | 1.86 Gb Total Space | 1.79 Gb Free Space | 95.95% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2007/11/26 08:50:04 | 000,294,912 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007/01/19 06:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/03/23 20:48:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/02/24 21:47:02 | 000,114,784 | ---- | M] () [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/24 21:47:00 | 000,266,338 | ---- | M] () [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/24 21:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/03/14 14:05:02 | 000,069,632 | ---- | M] (HP) [Boot] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2010/08/27 08:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/09/12 11:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007/06/26 07:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)
DRV - [2007/03/13 07:35:56 | 000,476,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/10/09 10:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/11 06:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/10/05 13:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301)
DRV - [2005/06/28 14:12:32 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/03/09 17:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/19 06:33:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/09 13:24:28 | 000,000,000 | ---D | M]
 
[2012/02/09 13:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Extensions
[2012/02/09 13:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\ml0ubmqr.default\extensions
[2012/02/09 13:24:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/29 14:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\staged
[2012/03/25 05:29:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml
[2012/02/12 07:20:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml
[2012/02/17 10:44:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml
[2012/03/04 09:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml
[2007/12/16 08:10:53 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml
[2012/02/09 13:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2012/02/19 06:33:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/01/29 10:02:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/29 10:02:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 10:02:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/29 10:02:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 10:02:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\HP_Besitzer_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\HP_Besitzer_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\HP_Besitzer_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programme\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\HP_Besitzer_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKU\HP_Besitzer_ON_C..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\LocalService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\NetworkService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61r1K7Zg-HMWm-14l4-knLL-DFbthPjzcAFc} -
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^HP_Besitzer^Startmenü^Programme^Autostart^DSL-Manager.lnk - C:\Programme\T-Online\DSL-Manager\DslMgr.exe - (T-Systems Enterprise Services GmbH)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - C:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
MsConfig - StartUpReg: InfoCockpit - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
MsConfig - StartUpReg: NAV CfgWiz - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: T-Online DSL-Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: ToADiMon.exe - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/29 14:50:11 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
[2006/02/19 05:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/06 08:47:16 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/06 08:02:40 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/06 08:02:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/06 08:02:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/06 08:02:34 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 14:50:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 14:50:09 | 000,233,472 | ---- | M] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
[2012/03/27 12:09:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/03/27 12:08:32 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Microsoft Office Outlook 2003.lnk
[2012/03/27 12:08:15 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/27 12:08:15 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012/03/25 05:19:59 | 000,464,600 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/03/25 05:19:59 | 000,445,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 05:19:59 | 000,086,850 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/03/25 05:19:59 | 000,073,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 04:18:44 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 03:59:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/16 13:34:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/03 12:06:58 | 000,000,264 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\wklnhst.dat
[2008/12/05 07:39:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/12/05 06:27:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/12/05 06:27:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/12/05 06:27:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/12/05 06:27:06 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/12/05 06:27:06 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/12/05 06:27:06 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/12/05 06:27:06 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/12/05 06:27:06 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/12/05 06:27:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/12/05 06:27:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008/12/05 06:27:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/12/05 06:27:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/12/05 06:27:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/12/05 06:27:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/12/05 06:27:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/12/05 06:27:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008/12/05 06:27:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008/12/05 06:27:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/05 06:27:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/05 06:24:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPS.ini
[2008/12/03 10:15:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/12/28 12:41:29 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2007/12/28 12:41:21 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2007/12/28 12:41:21 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2007/12/28 12:41:21 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006/10/30 05:11:00 | 000,001,152 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/19 12:45:50 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/19 12:45:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 04:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI
[2006/09/24 06:22:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/09/21 11:07:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll
[2006/09/18 14:36:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/18 13:07:52 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/09/18 13:07:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/02 13:57:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/02 13:36:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/01/02 13:32:45 | 000,013,625 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/02 13:32:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/02 13:27:49 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/01/02 13:25:18 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/02 13:20:42 | 000,081,173 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/02 13:20:42 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/02 13:19:39 | 000,091,456 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/02 13:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/02 13:16:03 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2006/01/02 13:16:03 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2006/01/02 13:13:28 | 000,113,626 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/02 13:13:28 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/02 13:11:22 | 000,105,702 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/01/02 13:10:25 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/02 13:07:42 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/02 13:07:42 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/01/02 13:07:42 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/02 13:07:42 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/02 13:07:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/02 13:07:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/02 13:07:42 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/01/02 13:07:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/02 12:54:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/02 12:51:07 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/01/02 12:51:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/01/02 12:50:50 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/02 14:13:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/02 14:10:36 | 000,464,600 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/02 14:10:36 | 000,445,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/02 14:10:36 | 000,086,850 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/02 14:10:36 | 000,073,148 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/02 14:08:40 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/02 14:05:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/02 14:03:38 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/20 12:19:34 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 17:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2008/12/05 06:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2006/10/24 11:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2006/10/13 13:35:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007/11/02 05:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2008/04/20 18:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited
[2008/12/05 06:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2006/11/19 08:27:19 | 000,000,000 | ---D | M] -- C:\641dbc88cc1ea253373b678c09
[2006/09/24 06:43:39 | 000,000,000 | ---D | M] -- C:\Banking
[2006/01/02 13:19:06 | 000,000,000 | ---D | M] -- C:\bin
[2006/09/19 07:02:24 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2006/09/18 13:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2006/09/19 11:00:27 | 000,000,000 | -H-D | M] -- C:\hp
[2006/09/18 14:33:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007/01/19 10:27:55 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/03/29 14:42:37 | 000,000,000 | R--D | M] -- C:\Programme
[2006/01/02 12:51:09 | 000,000,000 | -H-D | M] -- C:\Python22
[2006/09/19 11:20:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2006/09/18 13:05:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006/01/02 12:50:50 | 000,000,000 | -H-D | M] -- C:\system.sav
[2006/12/16 08:06:34 | 000,000,000 | ---D | M] -- C:\temp
[2012/03/15 04:18:52 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 17:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 17:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/04 00:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 00:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 00:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 00:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 00:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 00:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 00:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004/11/02 14:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/11/02 14:55:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/11/02 14:55:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/12/18 09:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/12/17 15:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
Kann sich das Virus/Trojaner über den USB Stick den ich benutzt habe auf meinen Laptop ausbreiten?

Bitte verzeiht mir Fehler die ich evtl. gemacht habe, habe von Computern leider nur sehr wenig Ahnung.

Ich hoffe Ihr könnt mir auch helfen!
Vielen Dank...

cosinus 12.04.2012 20:26
Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKU\HP_Besitzer_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
[2012/03/29 14:50:11 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
[2012/03/29 14:50:09 | 000,233,472 | ---- | M] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Needshelp110 12.04.2012 22:27
Hallo,
erstmal ein riesen Dankeschön für die schnelle Antwort!
Der Rechner lässt sich wieder starten.
Einziges Problem was ich noch habe ist das auf dem Desktop keine Icons angezeigt werden.

Hier wäre das fix.log
Die OTL Datei habe ich Upload Channel hochgeladen!

PHP-Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BX6kRBeYBXtpN21 deleted successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry value HKEY_USERS\HP_Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\BX6kRBeYBXtpN21 deleted successfully.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
Registry value HKEY_USERS\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe deleted successfully.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe deleted successfully.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
Registry value HKEY_USERS\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe deleted successfully.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
Registry value HKEY_USERS\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe deleted successfully.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:/value set successfully!
I:\AUTOEXEC.BAT moved successfully.
I:\Autorun.inf moved successfully.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
File C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer Version 3.1.48.0 log created on 04132012_024750 
Vielen Dank!

cosinus 13.04.2012 08:50
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Needshelp110 16.04.2012 20:36
Hallo,
habe beide Programme wie beschrieben ausgeführt!

Zuerst das logfile vom Malewarebytes Vollscan:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Besitzer :: KLAUS01 [Administrator]

Schutz: Aktiviert

12.04.2012 23:56:28
mbam-log-2012-04-12 (23-56-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302408
Laufzeit: 1 Stunde(n), 42 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{61r1K7Zg-HMWm-14l4-knLL-DFbthPjzcAFc} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent) -> Daten: c:\dokumente und einstellungen\hp_besitzer\anwendungsdaten\y6drxuj c7ti.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CXMVSTIB\about[1].exe (Worm.KoobFace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\04132012_024750\C_Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (Worm.KoobFace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Und hier noch das Logfile von Eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0bd5a9e4274a6e49bbf6ada72aa1cb0a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-16 06:46:46
# local_time=2012-04-16 08:46:46 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 192228 31471857 0 0
# compatibility_mode=8192 67108863 100 0 381 381 0 0
# scanned=115303
# found=1
# cleaned=0
# scan_time=4624
C:\_OTL\MovedFiles.zip        Win32/Spy.Zbot.YW trojan (unable to clean)        00000000000000000000000000000000        I
Die Icons auf meinem Desktop sind immer noch nicht da, leider!

Vielen Dank Nochmal!

Grüße
Stephan

cosinus 16.04.2012 20:41
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Needshelp110 16.04.2012 21:19
Hallo,

hat funktioniert habe den Rechner nocheinmal neu gestartet und jetzt sind wieder alle Icons da!

Hier noch das logfile dazu:

Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/16/2012 10:10:39 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 109900 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 14276 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

Processing the K:\ drive
Finished processing the K:\ drive. 0 files processed.

The C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/16/2012 10:11:25 PM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)
Sonst ist mir nichts weiteres aufgefallen.
Ich hoffe das somit wieder alles in Ordnung ist!?

Ich kann mich an dieser Stelle nur noch einmal Bedanken!
Vielen, vielen Dank für eure Hilfe!

cosinus 17.04.2012 11:32
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Needshelp110 18.04.2012 18:46
Hallo,

habe heute den Scan mit OTL durchgeführt.

Hier die OTL.txt

Code:
OTL logfile created on: 18.04.2012 19:34:56 - Run 1
OTL by OldTimer - Version 3.2.40.0    Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 78,18% Memory free
3,85 Gb Paging File | 3,55 Gb Available in Paging File | 92,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 273,39 Gb Total Space | 247,38 Gb Free Space | 90,49% Space Free | Partition Type: NTFS
Drive D: | 6,06 Gb Total Space | 0,59 Gb Free Space | 9,79% Space Free | Partition Type: FAT32
 
Computer Name: KLAUS01 | User Name: HP_Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.18 19:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe
PRC - [2011.11.08 21:51:22 | 000,796,080 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
PRC - [2011.11.08 21:51:22 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
PRC - [2011.11.08 21:51:20 | 001,226,152 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.04.08 16:59:26 | 000,286,720 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.17 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE
PRC - [2007.10.22 13:34:20 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MInfraIS.exe
PRC - [2007.01.19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006.03.24 02:48:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.02.25 03:47:02 | 000,114,784 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.02.25 03:47:00 | 000,266,338 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006.02.25 03:46:20 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.08.27 02:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.25 03:47:12 | 000,225,384 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.25 03:47:12 | 000,065,634 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.25 03:47:12 | 000,032,768 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.02.25 03:47:02 | 000,114,784 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2006.02.25 03:47:00 | 000,266,338 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.14 06:05:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006.02.14 06:05:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007.01.19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006.03.24 02:48:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.02.25 03:47:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.25 03:47:00 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.25 03:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.03.14 20:05:02 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004.10.22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tsmpkt.sys -- (TSMPacket)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\dsltestSp5.sys -- (dsltestSp5)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.18 19:24:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{E914526D-40F2-4FE9-BB85-DC293C277ABD}\MpKsl98c8eff4.sys -- (MpKsl98c8eff4)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.03.13 13:35:56 | 000,476,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.03.08 22:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.03 23:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.03 23:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.12.13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005.10.05 19:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301)
DRV - [2005.06.28 20:12:32 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005.03.09 23:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {3AA14DC7-363D-485D-AF49-341F900196B7}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{3AA14DC7-363D-485D-AF49-341F900196B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\SearchScopes,DefaultScope = {3AA14DC7-363D-485D-AF49-341F900196B7}
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\SearchScopes\{3AA14DC7-363D-485D-AF49-341F900196B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE466
IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.19 12:33:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.15 21:53:23 | 000,000,000 | ---D | M]
 
[2012.02.09 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Extensions
[2012.04.12 23:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions
[2012.04.12 23:28:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.14 13:00:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml
[2012.02.12 13:20:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml
[2012.02.17 16:44:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml
[2012.03.04 15:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml
[2012.04.15 12:04:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-5.xml
[2007.12.16 14:10:53 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml
[2012.02.09 19:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.19 12:33:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.13 08:47:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74037B92-63E7-40CD-96A6-F0EF1D14DABA}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF20080A-42C9-4596-9255-ADD7BE9B7338}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^HP_Besitzer^Startmenü^Programme^Autostart^DSL-Manager.lnk -  - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
MsConfig - StartUpReg: InfoCockpit - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
MsConfig - StartUpReg: NAV CfgWiz - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: T-Online DSL-Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: ToADiMon.exe - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.18 19:27:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe
[2012.04.18 18:48:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.04.18 18:48:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2012.04.16 22:40:45 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys
[2012.04.16 22:40:45 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2012.04.16 22:40:45 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys
[2012.04.16 22:40:45 | 000,011,904 | ---- | C] (ANI                                          ) -- C:\WINDOWS\System32\anio4.sys
[2012.04.16 22:40:14 | 000,249,856 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2012.04.16 22:40:14 | 000,225,280 | ---- | C] (ANI                                                                      ) -- C:\WINDOWS\System32\WlanApp.dll
[2012.04.16 22:40:14 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll
[2012.04.16 22:40:13 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2012.04.16 22:40:12 | 000,667,648 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2012.04.16 22:40:12 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll
[2012.04.16 22:40:12 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll
[2012.04.16 22:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ANI
[2012.04.16 22:22:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\Meine empfangenen Dateien
[2012.04.14 19:56:34 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2
[2012.04.13 08:47:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.12 23:54:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes
[2012.04.12 23:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.12 23:33:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.18 19:31:29 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Microsoft Office Outlook 2003.lnk
[2012.04.18 19:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe
[2012.04.18 19:23:57 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.04.18 19:19:27 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012.04.18 19:18:52 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.18 19:18:52 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012.04.18 19:18:51 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.18 19:18:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.18 19:18:46 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.18 19:14:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.04.18 18:47:01 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.17 22:24:29 | 000,445,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.17 22:24:28 | 000,464,638 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.17 22:24:28 | 000,086,888 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.17 22:24:28 | 000,073,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.16 22:39:32 | 000,002,459 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\T-Online DataSync Outlook.lnk
[2012.04.16 17:12:24 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.04.15 12:04:23 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Internet.lnk
[2012.04.15 12:03:34 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Microsoft Office Excel 2003.lnk
[2012.04.14 12:44:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.12 23:34:48 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.04.12 23:03:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.29 20:50:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.16 22:40:45 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2012.04.16 22:40:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2012.04.15 12:04:23 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Internet.lnk
[2012.04.12 23:38:47 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.04.12 23:34:48 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.04.12 23:33:21 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2012.02.16 19:34:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
 
========== LOP Check ==========
 
[2008.12.05 12:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2006.10.24 17:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2012.04.16 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.11.02 11:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2008.04.21 00:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited
[2008.12.05 12:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012.04.18 19:23:57 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.27 12:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe
[2007.05.28 16:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\AdobeUM
[2007.10.07 18:42:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\CyberLink
[2008.12.05 13:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\EPSON
[2007.11.10 15:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Google
[2006.09.24 12:49:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Help
[2006.10.24 16:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HP
[2006.11.02 17:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HPQ
[2007.07.19 15:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ICQ Toolbar
[2005.10.27 01:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Identities
[2007.01.28 15:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Leadertech
[2009.12.14 20:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Macromedia
[2012.04.12 23:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes
[2012.02.26 16:37:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Microsoft
[2012.02.09 19:13:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla
[2006.11.02 17:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Real
[2007.10.04 13:37:56 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SecuROM
[2007.01.28 15:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sonic
[2006.09.23 11:51:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sun
[2006.09.24 10:08:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\T-DSL SpeedManager
[2008.02.01 19:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\T-Online
[2009.04.03 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Template
[2008.12.17 17:43:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
[2011.10.23 16:54:38 | 008,188,064 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.03 23:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.03 23:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.11.02 20:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.11.02 20:55:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.11.02 20:55:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >

Hier noch die Extras.txt


Code:
OTL Extras logfile created on: 18.04.2012 19:34:56 - Run 1
OTL by OldTimer - Version 3.2.40.0    Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 78,18% Memory free
3,85 Gb Paging File | 3,55 Gb Available in Paging File | 92,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 273,39 Gb Total Space | 247,38 Gb Free Space | 90,49% Space Free | Partition Type: NTFS
Drive D: | 6,06 Gb Total Space | 0,59 Gb Free Space | 9,79% Space Free | Partition Type: FAT32
 
Computer Name: KLAUS01 | User Name: HP_Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\CyberLink\PowerCinema\PowerCinema.exe" = C:\Programme\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\CyberLink\PowerCinema\PCMService.exe" = C:\Programme\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe  1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Kameras 6.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.01.2012 05:36:43 | Computer Name = KLAUS01 | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 09.02.2012 13:09:45 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x02c9c114.
 
Error - 10.02.2012 11:01:37 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes
 Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x00014acd.
 
Error - 10.02.2012 13:09:16 | Computer Name = KLAUS01 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.02.2012 15:10:41 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes
 Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x00014acd.
 
Error - 15.03.2012 14:19:42 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes
 Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x00014acd.
 
Error - 12.04.2012 17:33:34 | Computer Name = KLAUS01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
 P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12.04.2012 17:52:29 | Computer Name = KLAUS01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 16.04.2012 16:22:37 | Computer Name = KLAUS01 | Source = MsiInstaller | ID = 11500
Description = Produkt: Java(TM) 6 Update 30 -- Fehler 1500. Im Augenblick wird eine
 weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen,
 bevor Sie mit dieser Installation fortfahren können.
 
Error - 18.04.2012 13:30:38 | Computer Name = KLAUS01 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.40.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 13.04.2012 00:23:01 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  IntelIde  ViaIde
 
Error - 14.04.2012 06:55:05 | Computer Name = KLAUS01 | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft Office
 Document Image Writer, Freigabename Drucker.
 
Error - 14.04.2012 06:55:15 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.04.2012 15:53:44 | Computer Name = KLAUS01 | Source = Print | ID = 22
Description = Die Aktualisierung der Einstellungen für den Drucker Microsoft Office
 Document Image Writer,0 Treiber Microsoft Office Document Image Writer Driver Fehler
 1801 ist fehlgeschlagen.
 
Error - 16.04.2012 13:19:06 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.04.2012 16:38:22 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
Das war alles.

Vielen Dank!

cosinus 18.04.2012 21:17
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found
[2012.04.12 23:28:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.14 13:00:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml
[2012.02.12 13:20:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml
[2012.02.17 16:44:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml
[2012.03.04 15:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml
[2012.04.15 12:04:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-5.xml
[2007.12.16 14:10:53 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
[2012.04.16 22:40:45 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2012.04.16 22:40:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007.07.19 15:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ICQ Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Needshelp110 21.04.2012 10:18
Hallo,

hier das OTL Logfile da sich nach dem Neustart geöffnet hat...

Code:
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2717608700-3096058131-2984273410-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2717608700-3096058131-2984273410-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
C:\WINDOWS\system32\ANIO.VXD moved successfully.
C:\WINDOWS\system32\JJAKEn.dll moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ICQ Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 30130 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: HP_Besitzer
->Temp folder emptied: 1093961431 bytes
->Temporary Internet Files folder emptied: 249712137 bytes
->Java cache emptied: 29141544 bytes
->FireFox cache emptied: 61523797 bytes
->Flash cache emptied: 8225696 bytes
 
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 42558 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42487000 bytes
RecycleBin emptied: 79798744 bytes
 
Total Files Cleaned = 1.493,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: HP_Besitzer
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.40.0 log created on 04212012_090046

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Viele Dank!

Gruß
Stephan

cosinus 21.04.2012 16:48
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Needshelp110 12.05.2012 09:29
Hallo,
sorry hat diesmal etwas länger gedauert.

Hier das Log file vom TDSS-Killer.

Code:
10:25:55.0859 3132        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
10:25:56.0062 3132        ============================================================
10:25:56.0062 3132        Current date / time: 2012/05/12 10:25:56.0062
10:25:56.0062 3132        SystemInfo:
10:25:56.0062 3132       
10:25:56.0062 3132        OS Version: 5.1.2600 ServicePack: 3.0
10:25:56.0062 3132        Product type: Workstation
10:25:56.0062 3132        ComputerName: KLAUS01
10:25:56.0062 3132        UserName: HP_Besitzer
10:25:56.0062 3132        Windows directory: C:\WINDOWS
10:25:56.0062 3132        System windows directory: C:\WINDOWS
10:25:56.0062 3132        Processor architecture: Intel x86
10:25:56.0062 3132        Number of processors: 2
10:25:56.0062 3132        Page size: 0x1000
10:25:56.0062 3132        Boot type: Normal boot
10:25:56.0062 3132        ============================================================
10:25:58.0359 3132        Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:25:58.0453 3132        ============================================================
10:25:58.0453 3132        \Device\Harddisk0\DR0:
10:25:58.0453 3132        MBR partitions:
10:25:58.0453 3132        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x222C87EA
10:25:58.0453 3132        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x222C8829, BlocksNum 0xC22518
10:25:58.0453 3132        ============================================================
10:25:58.0500 3132        C: <-> \Device\Harddisk0\DR0\Partition0
10:25:58.0515 3132        D: <-> \Device\Harddisk0\DR0\Partition1
10:25:58.0515 3132        ============================================================
10:25:58.0515 3132        Initialize success
10:25:58.0515 3132        ============================================================
10:26:34.0031 2604        ============================================================
10:26:34.0031 2604        Scan started
10:26:34.0031 2604        Mode: Manual; SigCheck; TDLFS;
10:26:34.0031 2604        ============================================================
10:26:34.0578 2604        Abiosdsk - ok
10:26:34.0593 2604        abp480n5 - ok
10:26:34.0640 2604        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:26:34.0921 2604        ACPI - ok
10:26:34.0937 2604        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:26:35.0078 2604        ACPIEC - ok
10:26:35.0078 2604        adpu160m - ok
10:26:35.0109 2604        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:26:35.0234 2604        aec - ok
10:26:35.0281 2604        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:26:35.0312 2604        AFD - ok
10:26:35.0312 2604        Aha154x - ok
10:26:35.0328 2604        aic78u2 - ok
10:26:35.0328 2604        aic78xx - ok
10:26:35.0375 2604        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
10:26:35.0500 2604        Alerter - ok
10:26:35.0515 2604        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
10:26:35.0656 2604        ALG - ok
10:26:35.0656 2604        AliIde - ok
10:26:35.0687 2604        AmdK8          (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:26:35.0687 2604        AmdK8 - ok
10:26:35.0703 2604        amsint - ok
10:26:35.0734 2604        ANIO            (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
10:26:35.0750 2604        ANIO ( UnsignedFile.Multi.Generic ) - warning
10:26:35.0750 2604        ANIO - detected UnsignedFile.Multi.Generic (1)
10:26:35.0812 2604        ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
10:26:35.0828 2604        ANIWZCSdService ( UnsignedFile.Multi.Generic ) - warning
10:26:35.0828 2604        ANIWZCSdService - detected UnsignedFile.Multi.Generic (1)
10:26:35.0843 2604        AppMgmt - ok
10:26:35.0875 2604        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:26:36.0015 2604        Arp1394 - ok
10:26:36.0015 2604        asc - ok
10:26:36.0015 2604        asc3350p - ok
10:26:36.0031 2604        asc3550 - ok
10:26:36.0125 2604        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:26:36.0187 2604        aspnet_state - ok
10:26:36.0203 2604        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:26:36.0328 2604        AsyncMac - ok
10:26:36.0343 2604        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:26:36.0468 2604        atapi - ok
10:26:36.0484 2604        Atdisk - ok
10:26:36.0500 2604        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:26:36.0640 2604        Atmarpc - ok
10:26:36.0687 2604        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
10:26:36.0796 2604        AudioSrv - ok
10:26:36.0843 2604        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:26:36.0968 2604        audstub - ok
10:26:37.0000 2604        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:26:37.0140 2604        Beep - ok
10:26:37.0187 2604        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:26:37.0312 2604        BITS - ok
10:26:37.0343 2604        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
10:26:37.0484 2604        Browser - ok
10:26:37.0515 2604        BVRPMPR5        (2120b6607cbbe426ce821643838ea1d3) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
10:26:37.0531 2604        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
10:26:37.0531 2604        BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
10:26:37.0562 2604        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:26:37.0703 2604        cbidf2k - ok
10:26:37.0703 2604        cd20xrnt - ok
10:26:37.0718 2604        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:26:37.0859 2604        Cdaudio - ok
10:26:37.0875 2604        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:26:38.0000 2604        Cdfs - ok
10:26:38.0046 2604        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:26:38.0171 2604        Cdrom - ok
10:26:38.0171 2604        Changer - ok
10:26:38.0203 2604        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
10:26:38.0312 2604        CiSvc - ok
10:26:38.0406 2604        CLCapSvc        (15bbbedd7b17bf2b6b5ce84213992969) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
10:26:38.0437 2604        CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
10:26:38.0437 2604        CLCapSvc - detected UnsignedFile.Multi.Generic (1)
10:26:38.0453 2604        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
10:26:38.0593 2604        ClipSrv - ok
10:26:38.0671 2604        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:26:38.0765 2604        clr_optimization_v2.0.50727_32 - ok
10:26:38.0796 2604        CLSched        (07a0617aecf017457d7358ef178fccbd) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
10:26:38.0812 2604        CLSched ( UnsignedFile.Multi.Generic ) - warning
10:26:38.0812 2604        CLSched - detected UnsignedFile.Multi.Generic (1)
10:26:38.0812 2604        CmdIde - ok
10:26:38.0828 2604        COMSysApp - ok
10:26:38.0843 2604        Cpqarray - ok
10:26:38.0875 2604        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
10:26:39.0015 2604        CryptSvc - ok
10:26:39.0125 2604        CyberLink Media Library Service (1cfdcb99812c62e19c47896a5857d342) C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
10:26:39.0156 2604        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
10:26:39.0156 2604        CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
10:26:39.0203 2604        dac2w2k - ok
10:26:39.0218 2604        dac960nt - ok
10:26:39.0265 2604        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:26:39.0343 2604        DcomLaunch - ok
10:26:39.0390 2604        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
10:26:39.0546 2604        Dhcp - ok
10:26:39.0562 2604        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:26:39.0703 2604        Disk - ok
10:26:39.0703 2604        dmadmin - ok
10:26:39.0765 2604        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:26:39.0921 2604        dmboot - ok
10:26:39.0953 2604        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:26:40.0093 2604        dmio - ok
10:26:40.0125 2604        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:26:40.0250 2604        dmload - ok
10:26:40.0281 2604        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
10:26:40.0406 2604        dmserver - ok
10:26:40.0453 2604        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:26:40.0562 2604        DMusic - ok
10:26:40.0609 2604        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
10:26:40.0640 2604        Dnscache - ok
10:26:40.0671 2604        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
10:26:40.0796 2604        Dot3svc - ok
10:26:40.0812 2604        dpti2o - ok
10:26:40.0828 2604        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:26:40.0937 2604        drmkaud - ok
10:26:40.0953 2604        dsltestSp5 - ok
10:26:40.0968 2604        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
10:26:41.0093 2604        EapHost - ok
10:26:41.0109 2604        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
10:26:41.0234 2604        ERSvc - ok
10:26:41.0265 2604        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:26:41.0328 2604        Eventlog - ok
10:26:41.0375 2604        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:26:41.0406 2604        EventSystem - ok
10:26:41.0421 2604        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:26:41.0531 2604        Fastfat - ok
10:26:41.0578 2604        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:26:41.0609 2604        FastUserSwitchingCompatibility - ok
10:26:41.0656 2604        Fax            (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
10:26:41.0781 2604        Fax - ok
10:26:41.0828 2604        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:26:41.0937 2604        Fdc - ok
10:26:41.0953 2604        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:26:42.0062 2604        Fips - ok
10:26:42.0093 2604        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:26:42.0203 2604        Flpydisk - ok
10:26:42.0234 2604        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:26:42.0343 2604        FltMgr - ok
10:26:42.0453 2604        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:26:42.0468 2604        FontCache3.0.0.0 - ok
10:26:42.0500 2604        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:26:42.0640 2604        Fs_Rec - ok
10:26:42.0640 2604        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:26:42.0781 2604        Ftdisk - ok
10:26:42.0828 2604        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:26:42.0953 2604        Gpc - ok
10:26:43.0046 2604        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:26:43.0062 2604        gupdate - ok
10:26:43.0078 2604        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:26:43.0078 2604        gupdatem - ok
10:26:43.0125 2604        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:26:43.0140 2604        gusvc - ok
10:26:43.0156 2604        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:26:43.0281 2604        HDAudBus - ok
10:26:43.0359 2604        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:26:43.0484 2604        helpsvc - ok
10:26:43.0515 2604        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
10:26:43.0640 2604        HidServ - ok
10:26:43.0671 2604        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:26:43.0796 2604        hidusb - ok
10:26:43.0859 2604        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
10:26:43.0968 2604        hkmsvc - ok
10:26:43.0968 2604        hpn - ok
10:26:44.0015 2604        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:26:44.0046 2604        HTTP - ok
10:26:44.0078 2604        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
10:26:44.0203 2604        HTTPFilter - ok
10:26:44.0203 2604        i2omgmt - ok
10:26:44.0218 2604        i2omp - ok
10:26:44.0234 2604        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:26:44.0359 2604        i8042prt - ok
10:26:44.0437 2604        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:26:44.0453 2604        IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:26:44.0453 2604        IDriverT - detected UnsignedFile.Multi.Generic (1)
10:26:44.0593 2604        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:26:44.0640 2604        idsvc - ok
10:26:44.0656 2604        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:26:44.0781 2604        Imapi - ok
10:26:44.0828 2604        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:26:44.0953 2604        ImapiService - ok
10:26:44.0968 2604        ini910u - ok
10:26:45.0218 2604        IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:26:45.0359 2604        IntcAzAudAddService - ok
10:26:45.0515 2604        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:26:45.0625 2604        IntelIde - ok
10:26:45.0640 2604        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:26:45.0765 2604        intelppm - ok
10:26:45.0796 2604        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:26:45.0921 2604        Ip6Fw - ok
10:26:45.0953 2604        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:26:46.0093 2604        IpFilterDriver - ok
10:26:46.0109 2604        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:26:46.0218 2604        IpInIp - ok
10:26:46.0250 2604        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:26:46.0359 2604        IpNat - ok
10:26:46.0375 2604        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:26:46.0500 2604        IPSec - ok
10:26:46.0515 2604        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:26:46.0640 2604        IRENUM - ok
10:26:46.0656 2604        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:26:46.0765 2604        isapnp - ok
10:26:46.0781 2604        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:26:46.0906 2604        Kbdclass - ok
10:26:46.0906 2604        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:26:47.0031 2604        kbdhid - ok
10:26:47.0062 2604        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:26:47.0171 2604        kmixer - ok
10:26:47.0203 2604        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:26:47.0203 2604        KSecDD - ok
10:26:47.0250 2604        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
10:26:47.0265 2604        lanmanserver - ok
10:26:47.0296 2604        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
10:26:47.0312 2604        lanmanworkstation - ok
10:26:47.0312 2604        lbrtfdc - ok
10:26:47.0390 2604        LightScribeService (e4973b3229e0015345afbe43a8a8eb3b) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:26:47.0421 2604        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:26:47.0421 2604        LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:26:47.0453 2604        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
10:26:47.0578 2604        LmHosts - ok
10:26:47.0609 2604        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
10:26:47.0734 2604        Messenger - ok
10:26:47.0812 2604        MIINPazX        (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
10:26:47.0828 2604        MIINPazX ( UnsignedFile.Multi.Generic ) - warning
10:26:47.0828 2604        MIINPazX - detected UnsignedFile.Multi.Generic (1)
10:26:47.0859 2604        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:26:48.0015 2604        mnmdd - ok
10:26:48.0031 2604        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:26:48.0171 2604        mnmsrvc - ok
10:26:48.0203 2604        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:26:48.0328 2604        Modem - ok
10:26:48.0343 2604        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:26:48.0468 2604        Mouclass - ok
10:26:48.0484 2604        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:26:48.0656 2604        mouhid - ok
10:26:48.0671 2604        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:26:48.0796 2604        MountMgr - ok
10:26:48.0812 2604        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:26:48.0843 2604        MpFilter - ok
10:26:48.0843 2604        mraid35x - ok
10:26:48.0859 2604        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:26:48.0984 2604        MRxDAV - ok
10:26:49.0046 2604        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:26:49.0078 2604        MRxSmb - ok
10:26:49.0093 2604        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:26:49.0390 2604        Msfs - ok
10:26:49.0390 2604        MSIServer - ok
10:26:49.0421 2604        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:26:49.0531 2604        MSKSSRV - ok
10:26:49.0593 2604        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) c:\Programme\Microsoft Security Client\MsMpEng.exe
10:26:49.0609 2604        MsMpSvc - ok
10:26:49.0640 2604        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:26:49.0750 2604        MSPCLOCK - ok
10:26:49.0750 2604        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:26:49.0875 2604        MSPQM - ok
10:26:49.0906 2604        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:26:50.0015 2604        mssmbios - ok
10:26:50.0093 2604        MTOnlPktAlyX    (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
10:26:50.0093 2604        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
10:26:50.0093 2604        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
10:26:50.0109 2604        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:26:50.0140 2604        Mup - ok
10:26:50.0218 2604        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
10:26:50.0343 2604        napagent - ok
10:26:50.0375 2604        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:26:50.0500 2604        NDIS - ok
10:26:50.0546 2604        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:26:50.0562 2604        NdisTapi - ok
10:26:50.0609 2604        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:26:50.0734 2604        Ndisuio - ok
10:26:50.0734 2604        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:26:50.0843 2604        NdisWan - ok
10:26:50.0890 2604        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:26:50.0906 2604        NDProxy - ok
10:26:50.0921 2604        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:26:51.0046 2604        NetBIOS - ok
10:26:51.0062 2604        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:26:51.0187 2604        NetBT - ok
10:26:51.0234 2604        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:26:51.0359 2604        NetDDE - ok
10:26:51.0359 2604        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:26:51.0484 2604        NetDDEdsdm - ok
10:26:51.0531 2604        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:51.0656 2604        Netlogon - ok
10:26:51.0687 2604        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
10:26:51.0828 2604        Netman - ok
10:26:51.0921 2604        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:26:51.0937 2604        NetTcpPortSharing - ok
10:26:51.0953 2604        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:26:52.0062 2604        NIC1394 - ok
10:26:52.0109 2604        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
10:26:52.0140 2604        Nla - ok
10:26:52.0156 2604        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:26:52.0296 2604        nm - ok
10:26:52.0343 2604        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:26:52.0468 2604        Npfs - ok
10:26:52.0515 2604        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:26:52.0671 2604        Ntfs - ok
10:26:52.0703 2604        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:52.0812 2604        NtLmSsp - ok
10:26:52.0875 2604        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
10:26:53.0015 2604        NtmsSvc - ok
10:26:53.0046 2604        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:26:53.0187 2604        Null - ok
10:26:53.0375 2604        nv              (34da533ef41bafa187a38a78146fbe49) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:26:53.0515 2604        nv - ok
10:26:53.0671 2604        NVENETFD        (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:26:53.0703 2604        NVENETFD - ok
10:26:53.0718 2604        nvnetbus        (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:26:53.0734 2604        nvnetbus - ok
10:26:53.0796 2604        NVSvc          (cde37723e151f52f63a76e92bc19780b) C:\WINDOWS\system32\nvsvc32.exe
10:26:53.0812 2604        NVSvc - ok
10:26:53.0843 2604        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:26:54.0046 2604        NwlnkFlt - ok
10:26:54.0062 2604        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:26:54.0234 2604        NwlnkFwd - ok
10:26:54.0281 2604        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:26:54.0390 2604        ohci1394 - ok
10:26:54.0500 2604        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:26:54.0515 2604        ose - ok
10:26:54.0546 2604        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:26:54.0671 2604        Parport - ok
10:26:54.0671 2604        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:26:54.0781 2604        PartMgr - ok
10:26:54.0812 2604        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:26:54.0968 2604        ParVdm - ok
10:26:54.0984 2604        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:26:55.0109 2604        PCI - ok
10:26:55.0109 2604        PCIDump - ok
10:26:55.0109 2604        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:26:55.0250 2604        PCIIde - ok
10:26:55.0281 2604        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:26:55.0406 2604        Pcmcia - ok
10:26:55.0406 2604        PDCOMP - ok
10:26:55.0421 2604        PDFRAME - ok
10:26:55.0421 2604        PDRELI - ok
10:26:55.0437 2604        PDRFRAME - ok
10:26:55.0437 2604        perc2 - ok
10:26:55.0437 2604        perc2hib - ok
10:26:55.0500 2604        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:26:55.0531 2604        PlugPlay - ok
10:26:55.0578 2604        Pml Driver HPZ12 (a38b3ce68e7f126190cde4aa3fdf050f) C:\WINDOWS\system32\HPZipm12.exe
10:26:55.0640 2604        Pml Driver HPZ12 - ok
10:26:55.0656 2604        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:55.0765 2604        PolicyAgent - ok
10:26:55.0781 2604        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:26:55.0921 2604        PptpMiniport - ok
10:26:55.0937 2604        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
10:26:56.0062 2604        Processor - ok
10:26:56.0078 2604        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:56.0187 2604        ProtectedStorage - ok
10:26:56.0218 2604        Ps2            (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
10:26:56.0250 2604        Ps2 - ok
10:26:56.0250 2604        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:26:56.0359 2604        PSched - ok
10:26:56.0375 2604        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:26:56.0515 2604        Ptilink - ok
10:26:56.0531 2604        PxHelp20        (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:26:56.0562 2604        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
10:26:56.0562 2604        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:26:56.0562 2604        ql1080 - ok
10:26:56.0562 2604        Ql10wnt - ok
10:26:56.0578 2604        ql12160 - ok
10:26:56.0578 2604        ql1240 - ok
10:26:56.0578 2604        ql1280 - ok
10:26:56.0609 2604        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:26:56.0750 2604        RasAcd - ok
10:26:56.0765 2604        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
10:26:56.0906 2604        RasAuto - ok
10:26:56.0921 2604        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:26:57.0031 2604        Rasl2tp - ok
10:26:57.0078 2604        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
10:26:57.0203 2604        RasMan - ok
10:26:57.0203 2604        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:26:57.0328 2604        RasPppoe - ok
10:26:57.0328 2604        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:26:57.0484 2604        Raspti - ok
10:26:57.0562 2604        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:26:57.0687 2604        Rdbss - ok
10:26:57.0687 2604        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:26:57.0843 2604        RDPCDD - ok
10:26:57.0890 2604        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:26:57.0906 2604        RDPWD - ok
10:26:57.0921 2604        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:26:58.0046 2604        RDSessMgr - ok
10:26:58.0062 2604        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:26:58.0187 2604        redbook - ok
10:26:58.0234 2604        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
10:26:58.0359 2604        RemoteAccess - ok
10:26:58.0390 2604        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
10:26:58.0500 2604        RpcLocator - ok
10:26:58.0562 2604        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:26:58.0609 2604        RpcSs - ok
10:26:58.0656 2604        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
10:26:58.0812 2604        RSVP - ok
10:26:58.0859 2604        rt2870          (2be6b34244e2a2aaaf1e93d765483512) C:\WINDOWS\system32\DRIVERS\rt2870.sys
10:26:58.0890 2604        rt2870 - ok
10:26:58.0937 2604        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:26:59.0046 2604        rtl8139 - ok
10:26:59.0078 2604        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:59.0187 2604        SamSs - ok
10:26:59.0234 2604        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
10:26:59.0359 2604        SCardSvr - ok
10:26:59.0406 2604        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
10:26:59.0531 2604        Schedule - ok
10:26:59.0578 2604        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:26:59.0687 2604        Secdrv - ok
10:26:59.0703 2604        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
10:26:59.0828 2604        seclogon - ok
10:26:59.0828 2604        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
10:26:59.0937 2604        SENS - ok
10:26:59.0953 2604        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:27:00.0078 2604        serenum - ok
10:27:00.0109 2604        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
10:27:00.0234 2604        Serial - ok
10:27:00.0265 2604        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:27:00.0375 2604        Sfloppy - ok
10:27:00.0437 2604        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
10:27:00.0562 2604        SharedAccess - ok
10:27:00.0609 2604        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:27:00.0625 2604        ShellHWDetection - ok
10:27:00.0625 2604        Simbad - ok
10:27:00.0640 2604        Sparrow - ok
10:27:00.0656 2604        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:27:00.0765 2604        splitter - ok
10:27:00.0812 2604        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:27:00.0843 2604        Spooler - ok
10:27:00.0875 2604        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:27:01.0000 2604        sr - ok
10:27:01.0062 2604        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:27:01.0187 2604        srservice - ok
10:27:01.0234 2604        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:27:01.0281 2604        Srv - ok
10:27:01.0296 2604        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
10:27:01.0437 2604        SSDPSRV - ok
10:27:01.0468 2604        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
10:27:01.0593 2604        stisvc - ok
10:27:01.0609 2604        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:27:01.0734 2604        swenum - ok
10:27:01.0765 2604        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:27:01.0890 2604        swmidi - ok
10:27:01.0890 2604        SwPrv - ok
10:27:01.0906 2604        symc810 - ok
10:27:01.0906 2604        symc8xx - ok
10:27:01.0921 2604        sym_hi - ok
10:27:01.0921 2604        sym_u3 - ok
10:27:01.0937 2604        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:27:02.0046 2604        sysaudio - ok
10:27:02.0078 2604        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
10:27:02.0203 2604        SysmonLog - ok
10:27:02.0234 2604        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
10:27:02.0359 2604        TapiSrv - ok
10:27:02.0421 2604        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:27:02.0437 2604        Tcpip - ok
10:27:02.0468 2604        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:27:02.0593 2604        TDPIPE - ok
10:27:02.0609 2604        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:27:02.0734 2604        TDTCP - ok
10:27:02.0750 2604        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:27:02.0875 2604        TermDD - ok
10:27:02.0921 2604        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
10:27:03.0046 2604        TermService - ok
10:27:03.0093 2604        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:27:03.0109 2604        Themes - ok
10:27:03.0109 2604        TosIde - ok
10:27:03.0156 2604        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
10:27:03.0281 2604        TrkWks - ok
10:27:03.0281 2604        TSMPacket - ok
10:27:03.0328 2604        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:27:03.0453 2604        Udfs - ok
10:27:03.0453 2604        ultra - ok
10:27:03.0500 2604        UMWdf          (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
10:27:03.0515 2604        UMWdf - ok
10:27:03.0578 2604        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:27:03.0718 2604        Update - ok
10:27:03.0750 2604        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
10:27:03.0875 2604        upnphost - ok
10:27:03.0906 2604        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
10:27:04.0031 2604        UPS - ok
10:27:04.0062 2604        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:27:04.0187 2604        usbaudio - ok
10:27:04.0250 2604        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:27:04.0453 2604        usbccgp - ok
10:27:04.0453 2604        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:27:04.0578 2604        usbehci - ok
10:27:04.0578 2604        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:27:04.0687 2604        usbhub - ok
10:27:04.0703 2604        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:27:04.0828 2604        usbohci - ok
10:27:04.0843 2604        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:27:04.0953 2604        usbprint - ok
10:27:04.0968 2604        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:27:05.0078 2604        usbscan - ok
10:27:05.0078 2604        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:27:05.0203 2604        usbstor - ok
10:27:05.0203 2604        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:27:05.0312 2604        usbuhci - ok
10:27:05.0312 2604        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:27:05.0421 2604        VgaSave - ok
10:27:05.0437 2604        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:27:05.0546 2604        ViaIde - ok
10:27:05.0562 2604        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:27:05.0687 2604        VolSnap - ok
10:27:05.0718 2604        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
10:27:05.0828 2604        VSS - ok
10:27:05.0859 2604        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
10:27:05.0968 2604        W32Time - ok
10:27:06.0000 2604        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:27:06.0109 2604        Wanarp - ok
10:27:06.0125 2604        WDICA - ok
10:27:06.0140 2604        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:27:06.0265 2604        wdmaud - ok
10:27:06.0281 2604        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
10:27:06.0406 2604        WebClient - ok
10:27:06.0484 2604        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:27:06.0609 2604        winmgmt - ok
10:27:06.0656 2604        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
10:27:06.0687 2604        WmdmPmSN - ok
10:27:06.0703 2604        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:27:06.0828 2604        WmiApSrv - ok
10:27:06.0890 2604        WN5301          (b72d232e46ff5ee2bd8f61498b748df7) C:\WINDOWS\system32\DRIVERS\wn5301.sys
10:27:06.0953 2604        WN5301 - ok
10:27:06.0968 2604        WpdUsb          (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
10:27:06.0984 2604        WpdUsb - ok
10:27:07.0000 2604        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:27:07.0171 2604        WS2IFSL - ok
10:27:07.0218 2604        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
10:27:07.0343 2604        wscsvc - ok
10:27:07.0359 2604        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
10:27:07.0468 2604        wuauserv - ok
10:27:07.0531 2604        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
10:27:07.0703 2604        WZCSVC - ok
10:27:07.0718 2604        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
10:27:07.0859 2604        xmlprov - ok
10:27:07.0906 2604        xnacc          (a668f64fe42b3b0d8d87ecad14963b00) C:\WINDOWS\system32\DRIVERS\xnacc.sys
10:27:07.0968 2604        xnacc - ok
10:27:07.0984 2604        MBR (0x1B8)    (958338c2d641d56774cebb0acd294050) \Device\Harddisk0\DR0
10:27:08.0109 2604        \Device\Harddisk0\DR0 - ok
10:27:08.0109 2604        Boot (0x1200)  (4bcf7b540463aa5bfee5727c53abcb34) \Device\Harddisk0\DR0\Partition0
10:27:08.0109 2604        \Device\Harddisk0\DR0\Partition0 - ok
10:27:08.0109 2604        Boot (0x1200)  (9ccb6a6a3122ba97db1073a6f2c04e63) \Device\Harddisk0\DR0\Partition1
10:27:08.0109 2604        \Device\Harddisk0\DR0\Partition1 - ok
10:27:08.0109 2604        ============================================================
10:27:08.0109 2604        Scan finished
10:27:08.0109 2604        ============================================================
10:27:08.0218 2600        Detected object count: 11
10:27:08.0218 2600        Actual detected object count: 11
10:27:37.0203 2600        ANIO ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0203 2600        ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0203 2600        ANIWZCSdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0203 2600        ANIWZCSdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600        CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600        CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600        CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600        CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0234 2600        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0234 2600        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0234 2600        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0234 2600        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0234 2600        MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0234 2600        MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0250 2600        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0250 2600        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0250 2600        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0250 2600        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Grüße
Stephan

cosinus 12.05.2012 20:23
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19