Trojaner-Board

Archivar 04.11.2012 12:52

Win XP starts with an almost empty desktop
 
Hello,

Since yesterday I have had several problems with Win XP. It would be great if someone could help me!

1. Yesterday Win XP automatically switched to the typical XP design, although I use the classic view. In addition, all icons had disappeared from the desktop except Internet Explorer and the Recycle Bin. Today some other icons are back, but some are still missing. All files and folders are still present on the hard disk, though.

2. All Firefox and Thunderbird settings have reset themselves automatically. In addition, the keyboard layout is now American and cannot be changed.

3. Before every Windows start, it takes several minutes after entering the user password until the desktop appears.


I have just carried out the following steps:

1. Started defogger, but there was an error message.
2. Started OTL, but it did not create an extra.txt file.
3. Started gmer; unfortunately I could not deactivate the F-Secure virus scanner beforehand, because the desktop icon that used to always be there is gone and I found no way in the program itself to switch the virus scanner off completely. In addition, no virus scan can be run with F-Secure; the program does start, but nothing happens when you click the scan button.


OTL scan: OTL logfile:
Code:

OTL logfile created on: 04.11.2012 10:14:37 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale:  | Country:  | Language:  | Date Format:
 
894,17 Mb Total Physical Memory | 442,17 Mb Available Physical Memory | 49,45% Memory free
2,12 Gb Paging File | 1,78 Gb Available in Paging File | 84,26% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,94 Gb Free Space | 1,01% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FIH32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSDTC) --  File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\cofi\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\System32\Drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\System32\DRIVERS\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\System32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\System32\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.01 20:58:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D234B9-FF90-42BD-8013-B8F51BCDFA54}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coniSP32 - (C:\WINDOWS\system32\ipxrexnt.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.04 10:08:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien
[2012.11.04 09:56:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.11.04 09:46:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.11.04 09:28:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten
[2012.11.04 09:25:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten
[2012.11.04 09:25:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent
[2012.11.04 09:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü
[2012.11.04 09:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
[2012.11.04 09:19:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen
[2012.11.04 09:19:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies
[2012.11.04 09:19:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen
[2012.11.04 09:19:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- \Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.04 10:16:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 10:11:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable
[2012.11.04 10:00:01 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.04 09:19:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.04 09:19:15 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
[2012.11.04 10:11:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.09.01 15:39:06 | 937,676,800 | -HS- | C] () -- \hiberfil.sys
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.06.01 21:13:48 | 000,004,304 | ---- | C] () -- \ComboFix.zip
[2010.06.01 20:40:07 | 000,000,211 | ---- | C] () -- \Boot.bak
[2010.06.01 20:40:01 | 000,262,448 | ---- | C] () -- \cmldr
[2010.06.01 18:56:03 | 000,012,171 | ---- | C] () -- \OTL Log.zip
[2008.11.17 10:47:49 | 000,251,184 | ---- | C] () -- \ntldr
[2006.04.20 15:56:58 | 000,000,080 | RH-- | C] () -- \volumeid.zbx
[2006.04.03 18:44:10 | 000,162,304 | ---- | C] () -- \UNWISE.EXE
[2006.02.18 12:16:23 | 000,356,352 | -H-- | C] () -- \ffastun.ffo
[2006.02.18 12:16:23 | 000,005,183 | -H-- | C] () -- \ffastun.ffa
[2006.02.18 12:16:22 | 003,321,856 | -H-- | C] () -- \ffastun0.ffx
[2006.02.18 12:14:51 | 002,768,896 | -H-- | C] () -- \ffastun.ffl
[2006.02.18 12:08:28 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2006.02.18 12:08:28 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2006.02.17 17:49:52 | 000,000,192 | ---- | C] () -- \setuplog
[2004.08.07 06:07:20 | 000,000,281 | RHS- | C] () -- \boot.ini
[2004.08.04 09:00:00 | 000,004,952 | RHS- | C] () -- \bootfont.bin
[2002.08.29 08:00:00 | 000,047,564 | RHS- | C] () -- \ntdetect.com
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC

< End of report >

--- --- ---

cosinus 07.11.2012 13:54

Hello and :hallo:

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read carefully through the instructions that I will post in the course of this thread. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Quote:

C:\Dokumente und Einstellungen\***.PC132431016427.002
I suspect that your previous profile is defective and Windows has automatically created a new one - an indication of this could be the appended .002


Please do a CustomScan with OTL.

Please download OTL by Oldtimer and save it on your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

Code:

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
C:\Dokumente und Einstellungen
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Archivar 07.11.2012 14:50

Thank you very much for helping me with my problem!

I have just run the scan:
OTL logfile:
Code:

OTL logfile created on: 07.11.2012 14:33:49 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale:  | Country:  | Language:  | Date Format:
 
894,17 Mb Total Physical Memory | 472,39 Mb Available Physical Memory | 52,83% Memory free
2,12 Gb Paging File | 1,74 Gb Available in Paging File | 82,40% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,66 Gb Free Space | 0,71% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FIH32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSDTC) --  File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\cofi\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\System32\Drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\System32\DRIVERS\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\System32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\System32\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.01 20:58:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten [2012.06.23 21:56:32 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Application Data [2008.07.25 10:01:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Desktop [2012.11.04 09:34:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Dokumente [2012.04.03 10:13:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\DRM [2012.04.14 16:53:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Favoriten [2005.11.30 08:01:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü [2012.07.15 22:51:38 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Vorlagen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Anwendungsdaten [2012.04.03 10:12:14 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Desktop [2005.11.30 08:01:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Druckumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Eigene Dateien [2005.11.29 23:08:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Favoriten [2005.11.29 23:08:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Recent [2005.11.29 23:08:29 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\SendTo [2012.04.08 20:58:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü [2005.11.30 08:01:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Vorlagen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten [2012.02.14 11:20:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Cookies [2010.06.02 08:10:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Desktop [2008.07.23 17:04:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen [2010.06.01 21:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_BAK_53768 ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_BAK_74117 ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_TU_53768.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_TU_74117.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***\.java [2006.03.03 20:20:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\.jpi_cache [2006.03.03 20:20:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\.plugin141.trace ()
O4 - Startup: C:\Dokumente und Einstellungen\***\0.6607504357915424.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Anwendungsdaten [2012.07.15 22:38:34 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\AVM_Driver [2009.11.18 12:11:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Contacts [2007.09.15 18:33:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Cookies [2012.10.31 21:22:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Desktop [2012.11.04 09:28:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Druckumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Eigene Dateien [2012.07.18 07:03:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Favoriten [2010.11.25 13:13:28 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid2360.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid3044.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid3340.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid3500.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\IECompatCache [2011.08.01 20:14:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\IETldCache [2010.11.25 13:13:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Lokale Einstellungen [2010.06.01 21:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\LuResult.txt ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Netzwerkumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Neu Microsoft Word-Dokument.doc ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\***\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_BAK_16828 ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_BAK_39228 ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_TU_16828.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_TU_39228.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\***\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***\PrivacIE [2011.02.03 14:38:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Recent [2012.11.01 23:49:10 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\SendTo [2012.04.08 20:58:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü [2012.04.09 08:19:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\usb ()
O4 - Startup: C:\Dokumente und Einstellungen\***\UserData [2006.04.09 16:54:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Vorlagen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\WINDOWS [2006.04.20 15:53:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.000\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.001\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten [2012.11.04 10:28:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies [2012.11.04 09:19:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop [2012.11.07 14:31:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien [2012.11.04 10:08:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten [2012.11.04 09:25:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen [2012.11.04 09:19:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent [2012.11.04 09:25:53 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü [2012.11.04 09:25:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen [2012.11.04 09:19:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten [2010.06.01 12:52:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\Cookies [2010.06.02 08:59:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\IETldCache [2011.02.11 09:26:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen [2010.06.01 21:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_BAK_57325 ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_BAK_89302 ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_TU_57325.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_TU_89302.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Anwendungsdaten [2012.11.03 13:20:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Cookies [2012.11.03 13:17:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Eigene Dateien [2012.11.03 13:18:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Favoriten [2012.11.03 13:20:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Lokale Einstellungen [2012.11.03 13:17:24 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D234B9-FF90-42BD-8013-B8F51BCDFA54}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coniSP32 - (C:\WINDOWS\system32\ipxrexnt.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{D8DC91C3-CBA9-4087-91C4-4CC553E6C314}S06773 - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.04 10:08:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien
[2012.11.04 09:56:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.11.04 09:46:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.11.04 09:28:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten
[2012.11.04 09:25:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten
[2012.11.04 09:25:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent
[2012.11.04 09:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü
[2012.11.04 09:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
[2012.11.04 09:19:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen
[2012.11.04 09:19:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies
[2012.11.04 09:19:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen
[2012.11.04 09:19:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- \Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 14:24:35 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.07 14:24:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.07 14:24:25 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 13:16:22 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 10:11:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
[2012.11.04 10:11:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.09.01 15:39:06 | 937,676,800 | -HS- | C] () -- \hiberfil.sys
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.06.01 21:13:48 | 000,004,304 | ---- | C] () -- \ComboFix.zip
[2010.06.01 20:40:07 | 000,000,211 | ---- | C] () -- \Boot.bak
[2010.06.01 20:40:01 | 000,262,448 | ---- | C] () -- \cmldr
[2010.06.01 18:56:03 | 000,012,171 | ---- | C] () -- \OTL Log.zip
[2008.11.17 10:47:49 | 000,251,184 | ---- | C] () -- \ntldr
[2006.04.20 15:56:58 | 000,000,080 | RH-- | C] () -- \volumeid.zbx
[2006.04.03 18:44:10 | 000,162,304 | ---- | C] () -- \UNWISE.EXE
[2006.02.18 12:16:23 | 000,356,352 | -H-- | C] () -- \ffastun.ffo
[2006.02.18 12:16:23 | 000,005,183 | -H-- | C] () -- \ffastun.ffa
[2006.02.18 12:16:22 | 003,321,856 | -H-- | C] () -- \ffastun0.ffx
[2006.02.18 12:14:51 | 002,768,896 | -H-- | C] () -- \ffastun.ffl
[2006.02.18 12:08:28 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2006.02.18 12:08:28 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2006.02.17 17:49:52 | 000,000,192 | ---- | C] () -- \setuplog
[2004.08.07 06:07:20 | 000,000,281 | RHS- | C] () -- \boot.ini
[2004.08.04 09:00:00 | 000,004,952 | RHS- | C] () -- \bootfont.bin
[2002.08.29 08:00:00 | 000,047,564 | RHS- | C] () -- \ntdetect.com
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.23 21:56:32 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2008.07.25 10:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.11.04 09:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2012.04.03 10:13:19 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Dokumente
[2012.04.14 16:53:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\DRM
[2005.11.30 08:01:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Favoriten
[2012.07.15 22:51:38 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Vorlagen
[2012.04.03 10:12:14 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten
[2005.11.30 08:01:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Desktop
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Druckumgebung
[2005.11.29 23:08:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Default User\Eigene Dateien
[2005.11.29 23:08:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Default User\Favoriten
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung
[2005.11.29 23:08:29 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Default User\Recent
[2012.04.08 20:58:31 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Default User\SendTo
[2005.11.30 08:01:42 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Default User\Startmenü
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Vorlagen
[2012.02.14 11:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten
[2010.06.02 08:10:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\LocalService\Cookies
[2008.07.23 17:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Desktop
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen
[2006.03.03 20:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\.java
[2006.03.03 20:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\.jpi_cache
[2012.07.15 22:38:34 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten
[2009.11.18 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\AVM_Driver
[2007.09.15 18:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Contacts
[2012.10.31 21:22:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\Cookies
[2012.11.04 09:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Desktop
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Druckumgebung
[2012.07.18 07:03:45 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Eigene Dateien
[2010.11.25 13:13:28 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Favoriten
[2011.08.01 20:14:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\IECompatCache
[2010.11.25 13:13:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\IETldCache
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Netzwerkumgebung
[2011.02.03 14:38:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\PrivacIE
[2012.11.01 23:49:10 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Recent
[2012.04.08 20:58:31 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\SendTo
[2012.04.09 08:19:12 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Startmenü
[2006.04.09 16:54:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\UserData
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Vorlagen
[2006.04.20 15:53:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\WINDOWS
[2012.11.04 10:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten
[2012.11.04 09:19:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies
[2012.11.07 14:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
[2012.11.04 10:08:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien
[2012.11.04 09:25:53 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten
[2012.11.04 09:19:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen
[2012.11.04 09:25:53 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent
[2012.11.04 09:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü
[2012.11.04 09:19:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen
[2010.06.01 12:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten
[2010.06.02 08:59:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\NetworkService\Cookies
[2011.02.11 09:26:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\NetworkService\IETldCache
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen
[2012.11.03 13:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Anwendungsdaten
[2012.11.03 13:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Cookies
[2012.11.03 13:18:46 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\TEMP\Eigene Dateien
[2012.11.03 13:20:27 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\TEMP\Favoriten
[2012.11.03 13:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Lokale Einstellungen
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< C:\Dokumente und Einstellungen >
[2004.08.04 09:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004.08.07 06:32:38 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2007.12.28 00:54:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2008.07.23 15:16:25 | 000,000,490 | ---- | C] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.04.09 07:55:34 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< %SYSTEMDRIVE%\*. >
[2008.07.23 15:54:24 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2010.06.01 20:40:06 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.07.15 22:52:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.03.21 13:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012.11.03 13:15:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.06.25 08:12:25 | 000,000,000 | ---D | M] -- C:\Downloads
[2006.02.17 16:52:56 | 000,000,000 | ---D | M] -- C:\hp
[2005.11.30 08:02:17 | 000,000,000 | ---D | M] -- C:\I386
[2012.11.03 13:20:25 | 000,000,000 | ---D | M] -- C:\Mozilla
[2009.11.04 19:25:06 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.03 12:58:26 | 000,000,000 | R--D | M] -- C:\Programme
[2010.06.01 21:03:42 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.07.21 20:00:46 | 000,000,000 | -H-D | M] -- C:\Recycle.Bi
[2010.06.01 21:15:54 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2005.11.29 23:42:20 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.04.06 11:43:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006.02.17 16:54:21 | 000,000,000 | ---D | M] -- C:\System.sav
[2011.08.02 14:59:49 | 000,000,000 | -H-D | M] -- C:\SystemData
[2007.04.21 07:35:02 | 000,000,000 | ---D | M] -- C:\Temp
[2008.05.22 09:17:05 | 000,000,000 | ---D | M] -- C:\unzipped
[2012.11.04 09:19:47 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010.06.01 20:00:01 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.07.25 10:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Agnitum
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.04 09:49:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Adobe
[2012.11.04 09:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Macromedia
[2012.11.04 10:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Microsoft
[2012.11.04 09:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Mozilla
[2012.11.04 09:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Thunderbird
[2012.11.04 09:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\TuneUp Software
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2004.08.07 08:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.07 08:01:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.07 08:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC

< End of report >

--- --- ---

cosinus 07.11.2012 15:19

Hm, I had imagined the output differently. Please do it again like this:

Code:

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
C:\Dokumente und Einstellungen\*.
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Archivar 07.11.2012 15:36

The new log:

OTL Logfile:
Code:

OTL logfile created on: 07.11.2012 15:22:48 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale:  | Country:  | Language:  | Date Format:
 
894,17 Mb Total Physical Memory | 442,42 Mb Available Physical Memory | 49,48% Memory free
2,12 Gb Paging File | 1,73 Gb Available in Paging File | 81,92% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,63 Gb Free Space | 0,68% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FIH32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSDTC) --  File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\cofi\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\System32\Drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\System32\DRIVERS\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\System32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\System32\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.01 20:58:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten [2012.06.23 21:56:32 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Application Data [2008.07.25 10:01:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Desktop [2012.11.04 09:34:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Dokumente [2012.04.03 10:13:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\DRM [2012.04.14 16:53:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Favoriten [2005.11.30 08:01:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü [2012.07.15 22:51:38 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Vorlagen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Anwendungsdaten [2012.04.03 10:12:14 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Desktop [2005.11.30 08:01:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Druckumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Eigene Dateien [2005.11.29 23:08:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Favoriten [2005.11.29 23:08:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Recent [2005.11.29 23:08:29 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\SendTo [2012.04.08 20:58:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü [2005.11.30 08:01:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Vorlagen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten [2012.02.14 11:20:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Cookies [2010.06.02 08:10:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Desktop [2008.07.23 17:04:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen [2010.06.01 21:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_BAK_53768 ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_BAK_74117 ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_TU_53768.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT_TU_74117.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\LocalService\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***\.java [2006.03.03 20:20:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\.jpi_cache [2006.03.03 20:20:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\.plugin141.trace ()
O4 - Startup: C:\Dokumente und Einstellungen\***\0.6607504357915424.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Anwendungsdaten [2012.07.15 22:38:34 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\AVM_Driver [2009.11.18 12:11:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Contacts [2007.09.15 18:33:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Cookies [2012.10.31 21:22:01 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Desktop [2012.11.04 09:28:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Druckumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Eigene Dateien [2012.07.18 07:03:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Favoriten [2010.11.25 13:13:28 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid2360.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid3044.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid3340.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\hs_err_pid3500.log ()
O4 - Startup: C:\Dokumente und Einstellungen\***\IECompatCache [2011.08.01 20:14:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\IETldCache [2010.11.25 13:13:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Lokale Einstellungen [2010.06.01 21:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\LuResult.txt ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Netzwerkumgebung [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Neu Microsoft Word-Dokument.doc ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\***\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_BAK_16828 ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_BAK_39228 ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_TU_16828.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\***\NTUSER.DAT_TU_39228.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\***\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***\PrivacIE [2011.02.03 14:38:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Recent [2012.11.01 23:49:10 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\SendTo [2012.04.08 20:58:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü [2012.04.09 08:19:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\usb ()
O4 - Startup: C:\Dokumente und Einstellungen\***\UserData [2006.04.09 16:54:22 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\Vorlagen [2005.11.30 08:01:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***\WINDOWS [2006.04.20 15:53:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.000\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.001\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten [2012.11.04 10:28:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies [2012.11.04 09:19:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop [2012.11.07 14:42:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien [2012.11.04 10:08:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten [2012.11.04 09:25:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen [2012.11.04 09:19:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent [2012.11.04 09:25:53 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü [2012.11.04 09:25:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen [2012.11.04 09:19:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten [2010.06.01 12:52:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\Cookies [2010.06.02 08:59:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\IETldCache [2011.02.11 09:26:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen [2010.06.01 21:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\ntuser.dat ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_BAK_57325 ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_BAK_89302 ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_TU_57325.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT_TU_89302.LOG ()
O4 - Startup: C:\Dokumente und Einstellungen\NetworkService\ntuser.ini ()
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Anwendungsdaten [2012.11.03 13:20:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Cookies [2012.11.03 13:17:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Eigene Dateien [2012.11.03 13:18:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Favoriten [2012.11.03 13:20:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Dokumente und Einstellungen\TEMP\Lokale Einstellungen [2012.11.03 13:17:24 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D234B9-FF90-42BD-8013-B8F51BCDFA54}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coniSP32 - (C:\WINDOWS\system32\ipxrexnt.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{D8DC91C3-CBA9-4087-91C4-4CC553E6C314}S06773 - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.04 10:08:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien
[2012.11.04 09:56:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2012.11.04 09:46:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.11.04 09:28:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten
[2012.11.04 09:25:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten
[2012.11.04 09:25:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent
[2012.11.04 09:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü
[2012.11.04 09:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
[2012.11.04 09:19:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen
[2012.11.04 09:19:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies
[2012.11.04 09:19:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen
[2012.11.04 09:19:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- \Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 15:16:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.07 15:00:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.07 14:24:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.07 14:24:25 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 10:11:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
[2012.11.04 10:11:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427.002\defogger_reenable
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.09.01 15:39:06 | 937,676,800 | -HS- | C] () -- \hiberfil.sys
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.06.01 21:13:48 | 000,004,304 | ---- | C] () -- \ComboFix.zip
[2010.06.01 20:40:07 | 000,000,211 | ---- | C] () -- \Boot.bak
[2010.06.01 20:40:01 | 000,262,448 | ---- | C] () -- \cmldr
[2010.06.01 18:56:03 | 000,012,171 | ---- | C] () -- \OTL Log.zip
[2008.11.17 10:47:49 | 000,251,184 | ---- | C] () -- \ntldr
[2006.04.20 15:56:58 | 000,000,080 | RH-- | C] () -- \volumeid.zbx
[2006.04.03 18:44:10 | 000,162,304 | ---- | C] () -- \UNWISE.EXE
[2006.02.18 12:16:23 | 000,356,352 | -H-- | C] () -- \ffastun.ffo
[2006.02.18 12:16:23 | 000,005,183 | -H-- | C] () -- \ffastun.ffa
[2006.02.18 12:16:22 | 003,321,856 | -H-- | C] () -- \ffastun0.ffx
[2006.02.18 12:14:51 | 002,768,896 | -H-- | C] () -- \ffastun.ffl
[2006.02.18 12:08:28 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2006.02.18 12:08:28 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2006.02.17 17:49:52 | 000,000,192 | ---- | C] () -- \setuplog
[2004.08.07 06:07:20 | 000,000,281 | RHS- | C] () -- \boot.ini
[2004.08.04 09:00:00 | 000,004,952 | RHS- | C] () -- \bootfont.bin
[2002.08.29 08:00:00 | 000,047,564 | RHS- | C] () -- \ntdetect.com
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.23 21:56:32 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2008.07.25 10:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.11.04 09:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2012.04.03 10:13:19 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Dokumente
[2012.04.14 16:53:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\DRM
[2005.11.30 08:01:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Favoriten
[2012.07.15 22:51:38 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Vorlagen
[2012.04.03 10:12:14 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten
[2005.11.30 08:01:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Desktop
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Druckumgebung
[2005.11.29 23:08:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Default User\Eigene Dateien
[2005.11.29 23:08:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Default User\Favoriten
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung
[2005.11.29 23:08:29 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Default User\Recent
[2012.04.08 20:58:31 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Default User\SendTo
[2005.11.30 08:01:42 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Default User\Startmenü
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User\Vorlagen
[2012.02.14 11:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten
[2010.06.02 08:10:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\LocalService\Cookies
[2008.07.23 17:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Desktop
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen
[2006.03.03 20:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\.java
[2006.03.03 20:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\.jpi_cache
[2012.07.15 22:38:34 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten
[2009.11.18 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\AVM_Driver
[2007.09.15 18:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Contacts
[2012.10.31 21:22:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\Cookies
[2012.11.04 09:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Desktop
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Druckumgebung
[2012.07.18 07:03:45 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Eigene Dateien
[2010.11.25 13:13:28 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Favoriten
[2011.08.01 20:14:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\IECompatCache
[2010.11.25 13:13:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\IETldCache
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Netzwerkumgebung
[2011.02.03 14:38:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\PrivacIE
[2012.11.01 23:49:10 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Recent
[2012.04.08 20:58:31 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\SendTo
[2012.04.09 08:19:12 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Startmenü
[2006.04.09 16:54:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\UserData
[2005.11.30 08:01:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***\Vorlagen
[2006.04.20 15:53:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\WINDOWS
[2012.11.04 10:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten
[2012.11.04 09:19:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Cookies
[2012.11.07 14:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Desktop
[2012.11.04 10:08:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Eigene Dateien
[2012.11.04 09:25:53 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Favoriten
[2012.11.04 09:19:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Lokale Einstellungen
[2012.11.04 09:25:53 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Recent
[2012.11.04 09:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Startmenü
[2012.11.04 09:19:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Vorlagen
[2010.06.01 12:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten
[2010.06.02 08:59:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\NetworkService\Cookies
[2011.02.11 09:26:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\NetworkService\IETldCache
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen
[2012.11.03 13:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Anwendungsdaten
[2012.11.03 13:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Cookies
[2012.11.03 13:18:46 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\TEMP\Eigene Dateien
[2012.11.03 13:20:27 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\TEMP\Favoriten
[2012.11.03 13:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP\Lokale Einstellungen
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< C:\Dokumente und Einstellungen\*. >
[2012.04.08 21:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User
[2011.02.23 14:52:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\LocalService
[2012.09.02 02:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***
[2012.11.03 13:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427
[2012.11.03 13:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.000
[2012.11.03 13:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.001
[2012.11.07 13:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002
[2011.02.23 14:52:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\NetworkService
[2012.11.03 13:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP
[2004.08.04 09:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004.08.07 06:32:38 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2007.12.28 00:54:41 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2008.07.23 15:16:25 | 000,000,490 | ---- | C] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.04.09 07:55:34 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< %SYSTEMDRIVE%\*. >
[2008.07.23 15:54:24 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2010.06.01 20:40:06 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.07.15 22:52:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.03.21 13:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012.11.03 13:15:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.06.25 08:12:25 | 000,000,000 | ---D | M] -- C:\Downloads
[2006.02.17 16:52:56 | 000,000,000 | ---D | M] -- C:\hp
[2005.11.30 08:02:17 | 000,000,000 | ---D | M] -- C:\I386
[2012.11.03 13:20:25 | 000,000,000 | ---D | M] -- C:\Mozilla
[2009.11.04 19:25:06 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.03 12:58:26 | 000,000,000 | R--D | M] -- C:\Programme
[2010.06.01 21:03:42 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.07.21 20:00:46 | 000,000,000 | -H-D | M] -- C:\Recycle.Bi
[2010.06.01 21:15:54 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2005.11.29 23:42:20 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.04.06 11:43:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006.02.17 16:54:21 | 000,000,000 | ---D | M] -- C:\System.sav
[2011.08.02 14:59:49 | 000,000,000 | -H-D | M] -- C:\SystemData
[2007.04.21 07:35:02 | 000,000,000 | ---D | M] -- C:\Temp
[2008.05.22 09:17:05 | 000,000,000 | ---D | M] -- C:\unzipped
[2012.11.04 09:19:47 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010.06.01 20:00:01 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.07.25 10:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Agnitum
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.04 09:49:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Adobe
[2012.11.04 09:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Macromedia
[2012.11.04 10:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Microsoft
[2012.11.04 09:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Mozilla
[2012.11.04 09:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\Thunderbird
[2012.11.04 09:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002\Anwendungsdaten\TuneUp Software
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2004.08.07 08:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.07 08:01:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.07 08:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC

< End of report >

--- --- ---

cosinus 07.11.2012 15:38

Code:

[2012.09.02 02:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***
[2012.11.03 13:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427
[2012.11.03 13:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.000
[2012.11.03 13:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.001
[2012.11.07 13:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002

I think this is where the problem lies.
Do the *** always stand for one and the same name?!
Please only ever redact full names; redacting first names makes no sense!
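
The pattern pointed out in the quoted listing can be checked mechanically. The following is an added example, not part of the original thread and not OTL's own code: it parses OTL directory lines and groups profile folders that share a base name. The function names are hypothetical, the sample lines are copied from the log above, and the `NAME.COMPUTER[.NNN]` suffix convention for fallback profiles is an assumption based on Windows XP behaviour.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the "< C:\Dokumente und Einstellungen\*. >" custom scan above,
# plus one file entry to show that non-directory lines are ignored.
OTL_SAMPLE = r"""
< C:\Dokumente und Einstellungen\*. >
[2012.04.08 21:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users
[2010.06.01 21:03:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Default User
[2011.02.23 14:52:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\LocalService
[2012.09.02 02:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***
[2012.11.03 13:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427
[2012.11.03 13:05:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.000
[2012.11.03 13:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.001
[2012.11.07 13:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.PC132431016427.002
[2011.02.23 14:52:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\NetworkService
[2012.11.03 13:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TEMP
[2004.08.04 09:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
"""

PROFILE_ROOT = r"C:\Dokumente und Einstellungen"

# [timestamp | size | 4 attribute flags | M or C] optional "(company)" -- path
ENTRY_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| ([-RHSD]{4}) \| [MC]\]"
    r"(?: \([^)]*\))? -- (.+)$"
)


def list_dirs(report, root):
    """Return (name, mtime) for every directory entry directly below root."""
    entries = []
    for line in report.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # scan headers, blank lines, other report sections
        stamp, attrs, path = match.groups()
        parent, name = ntpath.split(path)  # ntpath parses Windows paths on any OS
        if "D" in attrs and parent.lower() == root.lower():
            entries.append((name, datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S")))
    return entries


def profile_families(entries):
    """Group folders by the part before the first dot, case-insensitively.

    Assumption: a fallback profile is named NAME.COMPUTER or NAME.COMPUTER.NNN,
    so several folders with the same base name indicate that Windows created
    fresh profiles instead of loading the original one.
    Only bases with more than one folder are returned, oldest folder first.
    """
    families = defaultdict(list)
    for name, mtime in entries:
        families[name.split(".", 1)[0].lower()].append((name, mtime))
    return {
        base: sorted(members, key=lambda entry: entry[1])
        for base, members in families.items()
        if len(members) > 1
    }


if __name__ == "__main__":
    for base, members in profile_families(list_dirs(OTL_SAMPLE, PROFILE_ROOT)).items():
        print(f"{len(members)} profile folders share the base name {base!r}:")
        for name, mtime in members:
            print(f"  {mtime:%Y-%m-%d %H:%M:%S}  {name}")
```

The most recently modified folder of a family is only a hint at which profile is in use; the thread confirms the active one later through the path shown in the command prompt.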

Archivar 07.11.2012 15:40

Yes, the *** always stand for the same name.

cosinus 07.11.2012 15:48

Ok, let's try the following:

1. Create a new user with admin rights via the Control Panel
2. To be on the safe side, restart Windows to avoid problems with locked files
3. Log in with the new user
4. Navigate to C:\Dokumente und Einstellungen
5. Rename: ***.PC132431016427 to ***.PC132431016427.OLD
6. Rename: ***.PC132431016427.000 to ***.PC132431016427.000.OLD
7. Rename: ***.PC132431016427.001 to ***.PC132431016427.001.OLD
8. Rename: ***.PC132431016427.002 to ***.PC132431016427.002.OLD
9. Restart Windows, log in with your *** user

Report whether the original desktop is now being used again

Archivar 07.11.2012 16:07

I carried out the steps, but the original desktop is not back... instead I have the new Win XP design again and Firefox was reset again, etc.

The keyboard layout is no longer American, though.

cosinus 07.11.2012 16:33

I don't know which one is your correct profile folder. There are several to choose from.

Archivar 07.11.2012 16:46

What exactly do you mean by that, i.e. which profile folders are available? By profile folders, do you mean the various user folders ***PC...001 and 002, etc.?

Besides the ***.PC...001 etc. folders there is also one that is just called ***; I think the original settings are in it (for example a subfolder "Desktop" containing all the files of the original desktop). Is that what you meant?

cosinus 07.11.2012 16:47

Quote:

there is also one that is just called ***; I think the original settings are in it (for example a subfolder "Desktop" containing all the files of the original desktop). Is that what you meant?
Yes, possibly :pfeiff:

Archivar 07.11.2012 16:50

So I have to log in again with the newly created user and then add .OLD after *** there?

cosinus 07.11.2012 16:51

What is the name of the profile folder that is currently active? Is it still the one ending in 002?

Archivar 07.11.2012 17:01

I'm not entirely sure:

The ones named ***.PC132431016427.000.OLD and ***.PC132431016427.001.Old and ***.PC132431016427.OLD are empty.

***.PC132431016427.002.OLD contains the desktop I had before renaming to OLD.

And then there is now a new ***.PC132431016427 (without OLD), which however does not contain under "Desktop" all the icons actually shown on the desktop. But that will be the current one.

cosinus 07.11.2012 17:09

And which folder is Windows using now?
You can see this, for example, by clicking Start/Run and typing cmd there.
In the black console you will then see something like this

Code:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\USER>

Where my example shows USER, yours will show the current profile path

Archivar 07.11.2012 17:12

Ah ok, I didn't know that's how you look that up.

Win is currently using ***.PC132431016427 (so without .OLD, but also not the one simply called ***).

cosinus 07.11.2012 19:46

Quote:

Win is currently using ***.PC132431016427 (so without .OLD, but also not the one simply called ***).
Then swap the names of the two folders, i.e.

1. Restart Windows
2. Right after the reboot, log into the admin account created today
3. Rename ***.PC132431016427 to ***.PC132431016427.old
4. Rename *** to ***.PC132431016427
5. Restart Windows
6. Log in with your user and keep your fingers crossed ;)

Archivar 07.11.2012 20:27

When I append .old, I get the error message that the folder already exists (the difference in upper and lower case doesn't change that). Can I use any other suffix instead?

cosinus 07.11.2012 20:30

Yes, of course! It just needs to have a different name! Instead of .old you can append .alt or anything else!

Archivar 07.11.2012 20:39

I tried it that way and it worked! :)

But that probably wasn't everything; surely there was a reason why the desktop got swapped? And what happens now with all the ***.PC...OLD folders?

cosinus 07.11.2012 21:09

Why that happened, no idea. I've had a few cries for help of exactly this kind at the office as well and have always been able to fix them with this method.
Maybe Windows didn't like something in your profile folder and simply started from scratch without much of a notice :pfui:

If your current profile folder ***.PC132431016427 is now the right one, the others can actually go, but I would wait a bit longer, and the few extra MB on C aren't really a problem yet.

Code:

Drive C: | 93,15 Gb Total Space | 0,63 Gb Free Space | 0,68% Space Free
Unless you're sitting at your machine, where C is completely crammed full and there isn't even 1 GB of free space left :uglyhammer:
We should urgently clean up there

Quote:

Windows XP Home Edition Service Pack 2
By the way, that is not acceptable at all! :pfui:
Once we have your machine sorted out, SP3 absolutely must be installed!

First a check with OTL please, since the profile directory has changed significantly!!
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread in CODE tags.

Archivar 07.11.2012 21:42

I ran the scan. For some reason I still can't deactivate f-secure (although the icon is back in the taskbar); I hope that didn't affect the scan.

OTL:OTL Logfile:
Code:

OTL logfile created on: 07.11.2012 21:16:52 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 409,69 Mb Available Physical Memory | 45,82% Memory free
2,12 Gb Paging File | 1,70 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,70 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FIH32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Java\jre1.5.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\cofi\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60282
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 145.254.22.10:8000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.24 09:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.10 14:41:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.01 20:58:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = -1795162112
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D234B9-FF90-42BD-8013-B8F51BCDFA54}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87431348-b948-11e0-bd9f-0014a56b88eb}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{87431348-b948-11e0-bd9f-0014a56b88eb}\Shell\verb\command - "" = F:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: coniSP32 - (C:\WINDOWS\system32\ipxrexnt.dll) -  File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 14:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.10.24 10:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\Scharfreuter
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.11.07 21:16:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.07 21:00:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.07 20:33:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.07 20:33:51 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 14:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 19:40:50 | 000,158,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 19:11:42 | 000,070,663 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.10.01 10:16:40 | 000,162,304 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb
[2006.10.21 15:09:11 | 000,001,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\ViewerApp.dat
[2006.03.05 22:32:50 | 000,158,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.03 20:20:09 | 000,001,954 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\.plugin141.trace
[2006.02.17 17:01:21 | 000,000,204 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\wklnhst.dat
[2006.02.17 16:51:55 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC

< End of report >

--- --- ---




Extras:
OTL Logfile:
Code:

OTL Extras logfile created on: 07.11.2012 21:16:52 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 409,69 Mb Available Physical Memory | 45,82% Memory free
2,12 Gb Paging File | 1,70 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,70 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24638AD1-5F7E-9900-147E-B3EEA1B84EAE}" = Napster 5.0 Beta
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe  1.4.44.1
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5F2F0392-05F6-4D71-B0F9-0BE3733992FB}" = F-Secure Client Security
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.Rhapsody.Napster5" = Napster 5.0 Beta
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz
"F-Secure Device Control" = F-Secure Gerätesteuerung
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning
"F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild
"F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"LastFM_is1" = Last.fm 1.5.4.27091
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoRecord" = Canon PhotoRecord
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.19
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR Archivierer
"XP Codec Pack" = XP Codec Pack
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2012 09:36:11 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 10  2012-11-07  14:36:11+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP109\SNAPSHOT\_REGISTRY_MACHINE_SAM.
   
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 11  2012-11-07  15:24:48+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-20.
   
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 12  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-20.
   
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 13  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-19.
   
 
Error - 07.11.2012 10:24:53 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 14  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-3895385494-3161838611-3957656901-1006.
   
 
Error - 07.11.2012 10:24:54 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 15  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-21-3895385494-3161838611-3957656901-1006.
   
 
Error - 07.11.2012 10:25:00 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 16  2012-11-07  15:25:00+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SECURITY.
   
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 17  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SOFTWARE.
   
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 18  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SYSTEM.
   
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 19  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SAM.
   
 
[ System Events ]
Error - 05.11.2012 14:32:31 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 06.11.2012 02:42:51 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 06.11.2012 14:36:16 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 08:07:45 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 09:24:32 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 10:54:08 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 11:01:23 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 11:10:30 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 15:20:24 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 07.11.2012 15:34:16 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
 
< End of report >

--- --- ---

cosinus 07.11.2012 21:48

Close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

:OTL
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger -  File not found
O27 - HKLM IFEO\RapportService.exe: Debugger -  File not found
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC
:Files
C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Archivar 07.11.2012 22:47

Executed as follows:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe\ deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***.PC132431016427
->Temp folder emptied: 5887731 bytes
->Temporary Internet Files folder emptied: 47892749 bytes
->Java cache emptied: 3439933 bytes
->FireFox cache emptied: 56679403 bytes
->Flash cache emptied: 167026 bytes
 
User: ***.PC132431016427.000.OLD
 
User: ***.PC132431016427.001.OLD
 
User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 80547722 bytes
->Flash cache emptied: 566 bytes
 
User: ***.PC132431016427.alt
->Temp folder emptied: 2868 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 54570815 bytes
->Flash cache emptied: 56922 bytes
 
User: ***.PC132431016427.OLD
 
User: ***ie
->Temp folder emptied: 2868 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 19573057 bytes
->Flash cache emptied: 56922 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5852382 bytes
RecycleBin emptied: 95392 bytes
 
Total Files Cleaned = 262,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11072012_221932

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AEIPWEUI\42=4;i44=4;d13=0;f1=1;f2=1;d17=1;c1=1;c3=1;c5=0;c8=0;c9=1;c10=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=9055211250[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AEIPWEUI\i15=4;i17=4;i40=4;i42=4;i44=4;f1=2;f2=2;d17=1;c3=1;c4=0;c5=0;c6=1;c8=0;c9=1;c11=1;c21=1;c19=1;c20=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=5387608681[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=2;f1=1;f2=1;d17=1;c1=1;c3=1;c5=1;c8=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;c9=1;c10=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=1285678491[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=7;f1=2;f2=2;d17=1;c1=1;c3=1;c5=0;c8=0;c9=1;c10=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=5528150384[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=7;f1=2;f2=2;d17=1;c1=1;c3=1;c5=1;c8=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;c9=1;c10=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=3738941611[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\i15=4;i17=4;i40=4;i42=4;i44=4;f1=1;f2=1;d17=1;c3=1;c4=0;c5=0;c6=0;c8=0;c9=1;c11=1;c21=1;c19=1;c20=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=6253828205[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0M9522XS\cu=15968__camp=71084__no=90740__kw=link1-90740__uuid=85849fee-6056-11e1-a68c-0026b928e1d3__cman1=76__cman2=1057__csit=111111111111111111__EASLink=[1] not found!
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VBNSFLX4\www.totallynsfw.com\[[IMPORT]]\plugins.longtailvideo.com\5\ltas\ltas.swf\httpwwwtotallynsfwcomvideosvideos.sol not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 07.11.2012 22:49

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Archivar 07.11.2012 23:01

Unfortunately I cannot download aswMBR. When I click on it, F-Secure shows the message "Schädliche Webseite blockiert" ("Harmful website blocked"). Ignore the message and save anyway?

cosinus 07.11.2012 23:07

Yes, what else? :pfeiff:

Archivar 08.11.2012 11:13

Both scans are finished.

aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-08 09:51:27
-----------------------------
09:51:27.875    OS Version: Windows 5.1.2600 Service Pack 2
09:51:27.875    Number of processors: 1 586 0x2402
09:51:27.875    ComputerName: PC132431016427  UserName: ***
09:51:33.109    Initialize success
09:52:09.359    AVAST engine defs: 12110701
09:52:34.765    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:52:34.781    Disk 0 Vendor: TOSHIBA_MK1031GAS AA204C Size: 95396MB BusType: 3
09:52:34.812    Disk 0 MBR read successfully
09:52:34.828    Disk 0 MBR scan
09:52:35.078    Disk 0 Windows XP default MBR code
09:52:35.078    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        95385 MB offset 63
09:52:35.156    Disk 0 scanning sectors +195350400
09:52:35.328    Disk 0 scanning C:\WINDOWS\system32\drivers
09:53:17.125    Service scanning
09:53:56.953    Modules scanning
09:54:10.703    Disk 0 trace - called modules:
09:54:10.718    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:54:10.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85358ab8]
09:54:10.718    3 CLASSPNP.SYS[f757305b] -> nt!IofCallDriver -> \Device\00000075[0x853c9030]
09:54:10.718    5 ACPI.sys[f73e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85398030]
09:54:11.406    AVAST engine scan C:\WINDOWS
09:54:30.468    AVAST engine scan C:\WINDOWS\system32
10:00:00.156    AVAST engine scan C:\WINDOWS\system32\drivers
10:00:20.890    AVAST engine scan C:\Dokumente und Einstellungen\***.PC132431016427
10:46:26.578    AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:47:57.843    Scan finished successfully
10:48:58.359    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat"
10:48:58.421    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.txt"


TDSS:


Code:

10:50:50.0218 3972  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:50:51.0656 3972  ============================================================
10:50:51.0656 3972  Current date / time: 2012/11/08 10:50:51.0656
10:50:51.0656 3972  SystemInfo:
10:50:51.0656 3972 
10:50:51.0656 3972  OS Version: 5.1.2600 ServicePack: 2.0
10:50:51.0656 3972  Product type: Workstation
10:50:51.0656 3972  ComputerName: PC132431016427
10:50:51.0656 3972  UserName: ***
10:50:51.0656 3972  Windows directory: C:\WINDOWS
10:50:51.0656 3972  System windows directory: C:\WINDOWS
10:50:51.0656 3972  Processor architecture: Intel x86
10:50:51.0656 3972  Number of processors: 1
10:50:51.0656 3972  Page size: 0x1000
10:50:51.0656 3972  Boot type: Normal boot
10:50:51.0656 3972  ============================================================
10:50:54.0390 3972  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:50:54.0390 3972  ============================================================
10:50:54.0390 3972  \Device\Harddisk0\DR0:
10:50:54.0390 3972  MBR partitions:
10:50:54.0390 3972  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
10:50:54.0390 3972  ============================================================
10:50:54.0406 3972  C: <-> \Device\Harddisk0\DR0\Partition1
10:50:54.0437 3972  ============================================================
10:50:54.0437 3972  Initialize success
10:50:54.0437 3972  ============================================================
10:51:38.0250 3828  ============================================================
10:51:38.0250 3828  Scan started
10:51:38.0250 3828  Mode: Manual; SigCheck; TDLFS;
10:51:38.0250 3828  ============================================================
10:51:38.0531 3828  ================ Scan system memory ========================
10:51:46.0968 3828  System memory - ok
10:51:46.0968 3828  ================ Scan services =============================
10:51:47.0093 3828  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
10:51:47.0296 3828  AAV UpdateService - ok
10:51:47.0468 3828  Abiosdsk - ok
10:51:47.0484 3828  abp480n5 - ok
10:51:47.0531 3828  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:54.0796 3828  ACPI - ok
10:51:54.0859 3828  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:51:55.0093 3828  ACPIEC - ok
10:51:55.0187 3828  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:51:55.0296 3828  AdobeFlashPlayerUpdateSvc - ok
10:51:55.0312 3828  adpu160m - ok
10:51:55.0375 3828  [ 1EE7B434BA961EF845DE136224C30FEC ] aec            C:\WINDOWS\system32\drivers\aec.sys
10:51:55.0906 3828  aec - ok
10:51:55.0953 3828  [ 55E6E1C51B6D30E54335750955453702 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
10:51:56.0046 3828  AFD - ok
10:51:56.0062 3828  Aha154x - ok
10:51:56.0078 3828  aic78u2 - ok
10:51:56.0093 3828  aic78xx - ok
10:51:56.0140 3828  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
10:51:56.0312 3828  Alerter - ok
10:51:56.0343 3828  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG            C:\WINDOWS\System32\alg.exe
10:51:56.0546 3828  ALG - ok
10:51:56.0609 3828  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
10:51:56.0859 3828  AliIde - ok
10:51:56.0906 3828  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8          C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:51:57.0015 3828  AmdK8 - ok
10:51:57.0031 3828  amsint - ok
10:51:57.0140 3828  [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:51:57.0234 3828  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
10:51:57.0234 3828  Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
10:51:57.0250 3828  AppMgmt - ok
10:51:57.0296 3828  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:51:57.0484 3828  Arp1394 - ok
10:51:57.0500 3828  asc - ok
10:51:57.0515 3828  asc3350p - ok
10:51:57.0531 3828  asc3550 - ok
10:51:57.0609 3828  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:51:57.0687 3828  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
10:51:57.0687 3828  aspnet_state - detected UnsignedFile.Multi.Generic (1)
10:51:57.0718 3828  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:57.0890 3828  AsyncMac - ok
10:51:57.0937 3828  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:58.0156 3828  atapi - ok
10:51:58.0171 3828  Atdisk - ok
10:51:58.0250 3828  [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:51:58.0500 3828  Ati HotKey Poller - ok
10:51:58.0593 3828  [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:51:58.0937 3828  ati2mtag - ok
10:51:59.0000 3828  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:59.0203 3828  Atmarpc - ok
10:51:59.0265 3828  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:51:59.0468 3828  AudioSrv - ok
10:51:59.0531 3828  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:59.0750 3828  audstub - ok
10:51:59.0843 3828  [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX        C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:52:00.0046 3828  BCM43XX - ok
10:52:00.0078 3828  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:52:00.0312 3828  Beep - ok
10:52:00.0375 3828  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
10:52:02.0437 3828  BITS - ok
10:52:02.0500 3828  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser        C:\WINDOWS\System32\browser.dll
10:52:02.0656 3828  Browser - ok
10:52:02.0703 3828  [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
10:52:02.0765 3828  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
10:52:02.0765 3828  BTWUSB - detected UnsignedFile.Multi.Generic (1)
10:52:02.0828 3828  [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD        C:\WINDOWS\system32\drivers\camc6aud.sys
10:52:02.0937 3828  CAMCAUD - ok
10:52:02.0984 3828  [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
10:52:03.0171 3828  CAMCHALA - ok
10:52:03.0187 3828  catchme - ok
10:52:03.0218 3828  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
10:52:03.0437 3828  cbidf2k - ok
10:52:03.0484 3828  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:52:03.0687 3828  CCDECODE - ok
10:52:03.0703 3828  cd20xrnt - ok
10:52:03.0734 3828  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
10:52:03.0953 3828  Cdaudio - ok
10:52:04.0015 3828  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:52:04.0187 3828  Cdfs - ok
10:52:04.0218 3828  [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
10:52:04.0250 3828  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
10:52:04.0250 3828  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
10:52:04.0296 3828  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:52:04.0453 3828  Cdrom - ok
10:52:04.0468 3828  Changer - ok
10:52:04.0515 3828  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc          C:\WINDOWS\system32\cisvc.exe
10:52:04.0703 3828  CiSvc - ok
10:52:04.0750 3828  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
10:52:04.0953 3828  ClipSrv - ok
10:52:04.0984 3828  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:52:05.0171 3828  CmBatt - ok
10:52:05.0187 3828  CmdIde - ok
10:52:05.0250 3828  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:52:05.0484 3828  Compbatt - ok
10:52:05.0500 3828  COMSysApp - ok
10:52:05.0531 3828  Cpqarray - ok
10:52:05.0578 3828  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:52:05.0765 3828  CryptSvc - ok
10:52:05.0781 3828  dac2w2k - ok
10:52:05.0796 3828  dac960nt - ok
10:52:05.0859 3828  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:52:06.0156 3828  DcomLaunch - ok
10:52:06.0218 3828  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:52:06.0781 3828  Dhcp - ok
10:52:06.0859 3828  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:52:07.0046 3828  Disk - ok
10:52:07.0062 3828  dmadmin - ok
10:52:07.0156 3828  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:52:07.0390 3828  dmboot - ok
10:52:07.0437 3828  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:52:07.0625 3828  dmio - ok
10:52:07.0671 3828  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:52:07.0890 3828  dmload - ok
10:52:07.0937 3828  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:52:08.0125 3828  dmserver - ok
10:52:08.0156 3828  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:52:08.0375 3828  DMusic - ok
10:52:08.0406 3828  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:52:08.0968 3828  Dnscache - ok
10:52:08.0968 3828  dpti2o - ok
10:52:09.0015 3828  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
10:52:09.0203 3828  drmkaud - ok
10:52:09.0250 3828  [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
10:52:09.0312 3828  eabfiltr - ok
10:52:09.0343 3828  [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
10:52:09.0406 3828  eabusb - ok
10:52:09.0453 3828  [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
10:52:09.0515 3828  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
10:52:09.0515 3828  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
10:52:09.0546 3828  [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
10:52:09.0609 3828  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
10:52:09.0609 3828  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
10:52:09.0656 3828  [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD        C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
10:52:09.0718 3828  ElbyVCD ( UnsignedFile.Multi.Generic ) - warning
10:52:09.0718 3828  ElbyVCD - detected UnsignedFile.Multi.Generic (1)
10:52:09.0765 3828  [ 877A4512CC9074D6954776AF47021766 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
10:52:09.0937 3828  ERSvc - ok
10:52:09.0984 3828  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
10:52:10.0125 3828  Eventlog - ok
10:52:10.0171 3828  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem    C:\WINDOWS\system32\es.dll
10:52:10.0296 3828  EventSystem - ok
10:52:10.0406 3828  [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
10:52:10.0453 3828  F-Secure Filter - ok
10:52:10.0562 3828  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
10:52:10.0640 3828  F-Secure Gatekeeper - ok
10:52:10.0703 3828  [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
10:52:10.0781 3828  F-Secure Gatekeeper Handler Starter - ok
10:52:10.0859 3828  [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS  C:\Programme\F-Secure\HIPS\drivers\fshs.sys
10:52:10.0921 3828  F-Secure HIPS - ok
10:52:11.0000 3828  [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE
10:52:11.0093 3828  F-Secure Network Request Broker - ok
10:52:11.0125 3828  [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
10:52:11.0171 3828  F-Secure Recognizer - ok
10:52:11.0234 3828  [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
10:52:11.0296 3828  FANTOM ( UnsignedFile.Multi.Generic ) - warning
10:52:11.0296 3828  FANTOM - detected UnsignedFile.Multi.Generic (1)
10:52:11.0328 3828  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
10:52:11.0546 3828  Fastfat - ok
10:52:11.0578 3828  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:52:12.0171 3828  FastUserSwitchingCompatibility - ok
10:52:12.0218 3828  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
10:52:12.0406 3828  Fdc - ok
10:52:12.0453 3828  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:52:12.0656 3828  Fips - ok
10:52:12.0687 3828  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:52:12.0859 3828  Flpydisk - ok
10:52:12.0921 3828  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:52:13.0484 3828  FltMgr - ok
10:52:13.0515 3828  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts          C:\WINDOWS\system32\Drivers\fsbts.sys
10:52:13.0562 3828  fsbts - ok
10:52:13.0656 3828  [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon        C:\Programme\F-Secure\Device Control\\fsdevcon32.exe
10:52:13.0828 3828  fsdevcon - ok
10:52:13.0937 3828  [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD          C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
10:52:14.0140 3828  FSDFWD - ok
10:52:14.0187 3828  [ D7261B0876E4238D680E96B69292B9E0 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
10:52:14.0234 3828  FSFW - ok
10:52:14.0296 3828  [ E0229353879FD33E15462B862A064FD6 ] FSMA            C:\Programme\F-Secure\Common\FSMA32.EXE
10:52:14.0375 3828  FSMA - ok
10:52:14.0453 3828  [ DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient    C:\Programme\F-Secure\ORSP Client\fsorsp.exe
10:52:14.0515 3828  FSORSPClient - ok
10:52:14.0562 3828  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:52:14.0765 3828  Fs_Rec - ok
10:52:14.0812 3828  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:52:15.0046 3828  Ftdisk - ok
10:52:15.0125 3828  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
10:52:15.0281 3828  FWLANUSB - ok
10:52:15.0328 3828  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM    C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:52:15.0359 3828  GEARAspiWDM - ok
10:52:15.0406 3828  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:52:15.0578 3828  Gpc - ok
10:52:15.0671 3828  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:52:15.0859 3828  helpsvc - ok
10:52:15.0921 3828  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ        C:\WINDOWS\System32\hidserv.dll
10:52:16.0109 3828  HidServ - ok
10:52:16.0156 3828  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:52:16.0375 3828  HidUsb - ok
10:52:16.0390 3828  hpn - ok
10:52:16.0468 3828  [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
10:52:16.0531 3828  hpqwmi ( UnsignedFile.Multi.Generic ) - warning
10:52:16.0531 3828  hpqwmi - detected UnsignedFile.Multi.Generic (1)
10:52:16.0593 3828  [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
10:52:16.0671 3828  HSFHWATI - ok
10:52:16.0765 3828  [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:52:17.0078 3828  HSF_DP - ok
10:52:17.0156 3828  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:52:17.0375 3828  HTTP - ok
10:52:17.0421 3828  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:52:17.0625 3828  HTTPFilter - ok
10:52:17.0640 3828  i2omgmt - ok
10:52:17.0656 3828  i2omp - ok
10:52:17.0703 3828  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:52:17.0906 3828  i8042prt - ok
10:52:18.0031 3828  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:52:18.0093 3828  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:52:18.0093 3828  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:52:18.0140 3828  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
10:52:18.0312 3828  Imapi - ok
10:52:18.0359 3828  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:52:18.0562 3828  ImapiService - ok
10:52:18.0593 3828  ini910u - ok
10:52:18.0625 3828  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:52:18.0828 3828  IntelIde - ok
10:52:18.0875 3828  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:52:19.0078 3828  Ip6Fw - ok
10:52:19.0125 3828  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:52:19.0312 3828  IpFilterDriver - ok
10:52:19.0343 3828  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:52:19.0531 3828  IpInIp - ok
10:52:19.0578 3828  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:52:20.0156 3828  IpNat - ok
10:52:20.0250 3828  [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
10:52:20.0453 3828  iPod Service - ok
10:52:20.0484 3828  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:52:20.0671 3828  IPSec - ok
10:52:20.0703 3828  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:52:20.0890 3828  IRENUM - ok
10:52:20.0953 3828  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:52:21.0171 3828  isapnp - ok
10:52:21.0218 3828  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:52:21.0390 3828  Kbdclass - ok
10:52:21.0437 3828  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:52:22.0015 3828  kmixer - ok
10:52:22.0062 3828  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:52:22.0218 3828  KSecDD - ok
10:52:22.0281 3828  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:52:22.0906 3828  lanmanserver - ok
10:52:22.0953 3828  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:52:23.0078 3828  lanmanworkstation - ok
10:52:23.0093 3828  lbrtfdc - ok
10:52:23.0156 3828  [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:52:23.0296 3828  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:52:23.0296 3828  LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:52:23.0343 3828  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
10:52:23.0515 3828  LmHosts - ok
10:52:23.0562 3828  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:52:23.0625 3828  mdmxsdk - ok
10:52:23.0640 3828  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger      C:\WINDOWS\System32\msgsvc.dll
10:52:23.0843 3828  Messenger - ok
10:52:23.0906 3828  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
10:52:24.0093 3828  mnmdd - ok
10:52:24.0125 3828  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
10:52:24.0328 3828  mnmsrvc - ok
10:52:24.0359 3828  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
10:52:24.0578 3828  Modem - ok
10:52:24.0640 3828  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:52:24.0843 3828  Mouclass - ok
10:52:24.0906 3828  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:52:25.0109 3828  mouhid - ok
10:52:25.0156 3828  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:52:25.0343 3828  MountMgr - ok
10:52:25.0437 3828  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:52:25.0515 3828  MozillaMaintenance - ok
10:52:25.0531 3828  mraid35x - ok
10:52:25.0578 3828  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:52:26.0218 3828  MRxDAV - ok
10:52:26.0265 3828  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:52:26.0593 3828  MRxSmb - ok
10:52:26.0593 3828  MSCSPTISRV - ok
10:52:26.0656 3828  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
10:52:26.0828 3828  MSDTC - ok
10:52:26.0875 3828  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:52:27.0078 3828  Msfs - ok
10:52:27.0093 3828  MSIServer - ok
10:52:27.0140 3828  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:52:27.0312 3828  MSKSSRV - ok
10:52:27.0343 3828  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:52:27.0546 3828  MSPCLOCK - ok
10:52:27.0593 3828  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
10:52:27.0781 3828  MSPQM - ok
10:52:27.0828 3828  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:52:28.0000 3828  mssmbios - ok
10:52:28.0046 3828  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
10:52:28.0234 3828  MSTEE - ok
10:52:28.0281 3828  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
10:52:28.0500 3828  Mup - ok
10:52:28.0546 3828  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:52:28.0734 3828  NABTSFEC - ok
10:52:28.0765 3828  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:52:28.0984 3828  NDIS - ok
10:52:29.0015 3828  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:52:29.0203 3828  NdisIP - ok
10:52:29.0250 3828  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:52:29.0437 3828  NdisTapi - ok
10:52:29.0468 3828  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:52:29.0656 3828  Ndisuio - ok
10:52:29.0687 3828  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:52:29.0875 3828  NdisWan - ok
10:52:29.0906 3828  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
10:52:30.0109 3828  NDProxy - ok
10:52:30.0156 3828  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
10:52:30.0343 3828  NetBIOS - ok
10:52:30.0375 3828  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
10:52:30.0562 3828  NetBT - ok
10:52:30.0625 3828  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:52:30.0843 3828  NetDDE - ok
10:52:30.0859 3828  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:52:31.0046 3828  NetDDEdsdm - ok
10:52:31.0078 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:52:31.0250 3828  Netlogon - ok
10:52:31.0296 3828  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
10:52:31.0906 3828  Netman - ok
10:52:31.0968 3828  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:52:32.0156 3828  NIC1394 - ok
10:52:32.0203 3828  [ 774274C487493452DF3B0126DBE7FF3B ] Nla            C:\WINDOWS\System32\mswsock.dll
10:52:32.0328 3828  Nla - ok
10:52:32.0375 3828  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:52:32.0562 3828  Npfs - ok
10:52:32.0609 3828  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:52:33.0390 3828  Ntfs - ok
10:52:33.0421 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
10:52:33.0593 3828  NtLmSsp - ok
10:52:33.0640 3828  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
10:52:33.0937 3828  NtmsSvc - ok
10:52:34.0000 3828  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:52:34.0218 3828  Null - ok
10:52:34.0265 3828  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:52:34.0484 3828  NwlnkFlt - ok
10:52:34.0515 3828  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:52:34.0734 3828  NwlnkFwd - ok
10:52:34.0812 3828  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:52:35.0453 3828  ohci1394 - ok
10:52:35.0453 3828  PACSPTISVR - ok
10:52:35.0531 3828  [ B2F17A2EDB5450E61973A037F63A595B ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
10:52:35.0718 3828  Parport - ok
10:52:35.0750 3828  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
10:52:35.0921 3828  PartMgr - ok
10:52:35.0953 3828  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:52:36.0140 3828  ParVdm - ok
10:52:36.0187 3828  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
10:52:36.0375 3828  PCI - ok
10:52:36.0390 3828  PCIDump - ok
10:52:36.0437 3828  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:52:36.0609 3828  PCIIde - ok
10:52:36.0640 3828  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:52:36.0843 3828  Pcmcia - ok
10:52:36.0859 3828  PDCOMP - ok
10:52:36.0875 3828  PDFRAME - ok
10:52:36.0890 3828  PDRELI - ok
10:52:36.0906 3828  PDRFRAME - ok
10:52:36.0921 3828  perc2 - ok
10:52:36.0937 3828  perc2hib - ok
10:52:37.0000 3828  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:52:37.0125 3828  PlugPlay - ok
10:52:37.0156 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
10:52:37.0312 3828  PolicyAgent - ok
10:52:37.0343 3828  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:52:37.0531 3828  PptpMiniport - ok
10:52:37.0578 3828  [ F04317FB351B75233979DC65D4CEAD54 ] Processor      C:\WINDOWS\system32\DRIVERS\processr.sys
10:52:38.0187 3828  Processor - ok
10:52:38.0187 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:52:38.0375 3828  ProtectedStorage - ok
10:52:38.0406 3828  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:52:38.0593 3828  PSched - ok
10:52:38.0640 3828  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:52:38.0812 3828  Ptilink - ok
10:52:38.0875 3828  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:52:38.0921 3828  PxHelp20 - ok
10:52:38.0937 3828  ql1080 - ok
10:52:38.0953 3828  Ql10wnt - ok
10:52:38.0968 3828  ql12160 - ok
10:52:38.0984 3828  ql1240 - ok
10:52:39.0000 3828  ql1280 - ok
10:52:39.0062 3828  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:52:39.0265 3828  RasAcd - ok
10:52:39.0328 3828  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto        C:\WINDOWS\System32\rasauto.dll
10:52:39.0500 3828  RasAuto - ok
10:52:39.0546 3828  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda        C:\WINDOWS\system32\DRIVERS\rasirda.sys
10:52:39.0687 3828  Rasirda - ok
10:52:39.0734 3828  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:52:39.0906 3828  Rasl2tp - ok
10:52:39.0968 3828  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:52:40.0609 3828  RasMan - ok
10:52:40.0640 3828  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:52:40.0812 3828  RasPppoe - ok
10:52:40.0859 3828  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:52:41.0031 3828  Raspti - ok
10:52:41.0062 3828  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:52:41.0828 3828  Rdbss - ok
10:52:41.0875 3828  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:52:42.0093 3828  RDPCDD - ok
10:52:42.0156 3828  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
10:52:42.0765 3828  RDPWD - ok
10:52:42.0812 3828  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
10:52:43.0015 3828  RDSessMgr - ok
10:52:43.0078 3828  [ AA56702E230860565CB8D43680F57F33 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
10:52:43.0281 3828  redbook - ok
10:52:43.0328 3828  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:52:43.0546 3828  RemoteAccess - ok
10:52:43.0593 3828  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:52:43.0750 3828  RpcLocator - ok
10:52:43.0812 3828  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs          C:\WINDOWS\System32\rpcss.dll
10:52:44.0031 3828  RpcSs - ok
10:52:44.0093 3828  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:52:44.0343 3828  RSVP - ok
10:52:44.0406 3828  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp      C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
10:52:44.0531 3828  RTL8023xp - ok
10:52:44.0562 3828  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs          C:\WINDOWS\system32\lsass.exe
10:52:44.0734 3828  SamSs - ok
10:52:44.0796 3828  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:52:44.0984 3828  SCardSvr - ok
10:52:45.0046 3828  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:52:45.0234 3828  Schedule - ok
10:52:45.0281 3828  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:52:45.0484 3828  sdbus - ok
10:52:45.0515 3828  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:52:46.0125 3828  Secdrv - ok
10:52:46.0171 3828  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:52:46.0359 3828  seclogon - ok
10:52:46.0390 3828  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
10:52:46.0578 3828  SENS - ok
10:52:46.0625 3828  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
10:52:46.0765 3828  serenum - ok
10:52:46.0796 3828  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:52:47.0000 3828  Serial - ok
10:52:47.0031 3828  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
10:52:47.0187 3828  Sfloppy - ok
10:52:47.0265 3828  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:52:47.0531 3828  SharedAccess - ok
10:52:47.0562 3828  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:52:48.0187 3828  ShellHWDetection - ok
10:52:48.0203 3828  Simbad - ok
10:52:48.0265 3828  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:52:48.0453 3828  SLIP - ok
10:52:48.0500 3828  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA        C:\WINDOWS\system32\DRIVERS\smcirda.sys
10:52:48.0656 3828  SMCIRDA - ok
10:52:48.0703 3828  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:52:48.0906 3828  SONYPVU1 - ok
10:52:48.0921 3828  Sparrow - ok
10:52:48.0968 3828  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:52:49.0562 3828  splitter - ok
10:52:49.0609 3828  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
10:52:50.0406 3828  Spooler - ok
10:52:50.0406 3828  SPTISRV - ok
10:52:50.0468 3828  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:52:50.0671 3828  sr - ok
10:52:50.0734 3828  [ E150E7618328562598F4CE0B5851B5CD ] srservice      C:\WINDOWS\system32\srsvc.dll
10:52:51.0421 3828  srservice - ok
10:52:51.0484 3828  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
10:52:51.0734 3828  Srv - ok
10:52:51.0781 3828  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
10:52:51.0984 3828  SSDPSRV - ok
10:52:52.0046 3828  [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62        C:\WINDOWS\system32\drivers\SSHDRV62.sys
10:52:52.0093 3828  SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning
10:52:52.0109 3828  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
10:52:52.0125 3828  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:52:52.0187 3828  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
10:52:52.0187 3828  ssmdrv - detected UnsignedFile.Multi.Generic (1)
10:52:52.0265 3828  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:52:53.0093 3828  stisvc - ok
10:52:53.0125 3828  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:52:53.0296 3828  streamip - ok
10:52:53.0343 3828  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:52:53.0515 3828  swenum - ok
10:52:53.0546 3828  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:52:53.0765 3828  swmidi - ok
10:52:53.0796 3828  SwPrv - ok
10:52:53.0812 3828  symc810 - ok
10:52:53.0828 3828  symc8xx - ok
10:52:53.0843 3828  sym_hi - ok
10:52:53.0859 3828  sym_u3 - ok
10:52:53.0921 3828  [ F484C77F748729129D5CC9C965D9F701 ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:52:54.0031 3828  SynTP - ok
10:52:54.0078 3828  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:52:54.0265 3828  sysaudio - ok
10:52:54.0328 3828  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
10:52:54.0531 3828  SysmonLog - ok
10:52:54.0578 3828  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
10:52:55.0421 3828  TapiSrv - ok
10:52:55.0468 3828  [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd          C:\WINDOWS\system32\drivers\tbhsd.sys
10:52:55.0500 3828  tbhsd - ok
10:52:55.0562 3828  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:52:55.0812 3828  Tcpip - ok
10:52:55.0875 3828  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:52:56.0062 3828  TDPIPE - ok
10:52:56.0093 3828  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
10:52:56.0296 3828  TDTCP - ok
10:52:56.0328 3828  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:52:56.0531 3828  TermDD - ok
10:52:56.0593 3828  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService    C:\WINDOWS\System32\termsrv.dll
10:52:56.0875 3828  TermService - ok
10:52:56.0921 3828  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:52:57.0515 3828  Themes - ok
10:52:57.0578 3828  [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
10:52:57.0671 3828  tifm21 - ok
10:52:57.0703 3828  TosIde - ok
10:52:57.0734 3828  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:52:57.0921 3828  TrkWks - ok
10:52:58.0000 3828  [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag  C:\WINDOWS\System32\TuneUpDefragService.exe
10:52:58.0203 3828  TuneUp.Defrag - ok
10:52:58.0250 3828  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:52:58.0453 3828  Udfs - ok
10:52:58.0468 3828  ultra - ok
10:52:58.0515 3828  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
10:52:58.0640 3828  UMWdf - ok
10:52:58.0687 3828  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:52:58.0906 3828  Update - ok
10:52:58.0937 3828  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr      C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:52:59.0171 3828  uploadmgr - ok
10:52:59.0234 3828  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:52:59.0906 3828  upnphost - ok
10:52:59.0968 3828  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS            C:\WINDOWS\System32\ups.exe
10:53:00.0140 3828  UPS - ok
10:53:00.0203 3828  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL        C:\WINDOWS\system32\Drivers\usbaapl.sys
10:53:00.0312 3828  USBAAPL - ok
10:53:00.0359 3828  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:53:00.0546 3828  usbaudio - ok
10:53:00.0578 3828  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:53:00.0765 3828  usbccgp - ok
10:53:00.0796 3828  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:53:00.0984 3828  usbehci - ok
10:53:01.0031 3828  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:53:01.0218 3828  usbhub - ok
10:53:01.0250 3828  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci        C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:53:01.0421 3828  usbohci - ok
10:53:01.0468 3828  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:53:01.0656 3828  usbprint - ok
10:53:01.0687 3828  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:53:01.0875 3828  usbscan - ok
10:53:01.0921 3828  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:53:02.0109 3828  USBSTOR - ok
10:53:02.0156 3828  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:53:02.0328 3828  usbuhci - ok
10:53:02.0390 3828  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:53:02.0593 3828  usbvideo - ok
10:53:02.0656 3828  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
10:53:02.0703 3828  UxTuneUp - ok
10:53:02.0750 3828  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
10:53:02.0937 3828  VgaSave - ok
10:53:02.0968 3828  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
10:53:03.0125 3828  ViaIde - ok
10:53:03.0171 3828  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
10:53:03.0359 3828  VolSnap - ok
10:53:03.0421 3828  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS            C:\WINDOWS\System32\vssvc.exe
10:53:03.0703 3828  VSS - ok
10:53:03.0781 3828  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time        C:\WINDOWS\system32\w32time.dll
10:53:03.0984 3828  W32Time - ok
10:53:04.0015 3828  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:53:04.0218 3828  Wanarp - ok
10:53:04.0234 3828  WDICA - ok
10:53:04.0281 3828  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:53:04.0843 3828  wdmaud - ok
10:53:04.0890 3828  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient      C:\WINDOWS\System32\webclnt.dll
10:53:05.0531 3828  WebClient - ok
10:53:05.0593 3828  [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:53:05.0859 3828  winachsf - ok
10:53:05.0968 3828  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
10:53:06.0140 3828  winmgmt - ok
10:53:06.0218 3828  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
10:53:06.0312 3828  WmdmPmSN - ok
10:53:06.0375 3828  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi        C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:53:06.0546 3828  WmiAcpi - ok
10:53:06.0609 3828  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:53:06.0828 3828  WmiApSrv - ok
10:53:06.0921 3828  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:53:07.0109 3828  wscsvc - ok
10:53:07.0140 3828  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:53:07.0343 3828  WSTCODEC - ok
10:53:07.0390 3828  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:53:07.0562 3828  wuauserv - ok
10:53:07.0609 3828  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:53:07.0953 3828  WZCSVC - ok
10:53:08.0000 3828  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
10:53:08.0296 3828  xmlprov - ok
10:53:08.0328 3828  ================ Scan global ===============================
10:53:08.0390 3828  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
10:53:08.0437 3828  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
10:53:08.0468 3828  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
10:53:08.0500 3828  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
10:53:08.0500 3828  [Global] - ok
10:53:08.0500 3828  ================ Scan MBR ==================================
10:53:08.0531 3828  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:53:08.0687 3828  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:53:08.0687 3828  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:53:08.0687 3828  ================ Scan VBR ==================================
10:53:08.0703 3828  [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
10:53:08.0703 3828  \Device\Harddisk0\DR0\Partition1 - ok
10:53:08.0703 3828  ============================================================
10:53:08.0703 3828  Scan finished
10:53:08.0703 3828  ============================================================
10:53:08.0859 0200  Detected object count: 14
10:53:08.0859 0200  Actual detected object count: 14
10:54:16.0265 0200  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0265 0200  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0265 0200  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0265 0200  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200  ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200  FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200  FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200  hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200  SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0312 0200  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:58:12.0265 3984  Deinitialize success


cosinus 08.11.2012 13:44

Code:

10:54:16.0312 0200  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you have to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (whichever is offered to you; please leave all the others on SKIP!) and then click continue at the bottom right.

Then restart Windows and create a completely new log with TDSS-Killer again. As always, post it in CODE tags.

Archivar 08.11.2012 14:45

The first log (the run in which the deletion was performed):

Code:

14:24:10.0156 3952  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:24:10.0250 3952  ============================================================
14:24:10.0250 3952  Current date / time: 2012/11/08 14:24:10.0250
14:24:10.0250 3952  SystemInfo:
14:24:10.0250 3952 
14:24:10.0250 3952  OS Version: 5.1.2600 ServicePack: 2.0
14:24:10.0250 3952  Product type: Workstation
14:24:10.0250 3952  ComputerName: PC132431016427
14:24:10.0250 3952  UserName: ***
14:24:10.0250 3952  Windows directory: C:\WINDOWS
14:24:10.0250 3952  System windows directory: C:\WINDOWS
14:24:10.0250 3952  Processor architecture: Intel x86
14:24:10.0250 3952  Number of processors: 1
14:24:10.0250 3952  Page size: 0x1000
14:24:10.0250 3952  Boot type: Normal boot
14:24:10.0250 3952  ============================================================
14:24:19.0359 3952  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:24:19.0390 3952  ============================================================
14:24:19.0390 3952  \Device\Harddisk0\DR0:
14:24:19.0390 3952  MBR partitions:
14:24:19.0390 3952  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
14:24:19.0390 3952  ============================================================
14:24:19.0437 3952  C: <-> \Device\Harddisk0\DR0\Partition1
14:24:19.0453 3952  ============================================================
14:24:19.0453 3952  Initialize success
14:24:19.0453 3952  ============================================================
14:24:34.0171 2096  ============================================================
14:24:34.0171 2096  Scan started
14:24:34.0171 2096  Mode: Manual; SigCheck; TDLFS;
14:24:34.0171 2096  ============================================================
14:24:36.0906 2096  ================ Scan system memory ========================
14:24:48.0109 2096  System memory - ok
14:24:48.0125 2096  ================ Scan services =============================
14:24:48.0234 2096  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:24:48.0453 2096  AAV UpdateService - ok
14:24:48.0625 2096  Abiosdsk - ok
14:24:48.0640 2096  abp480n5 - ok
14:24:48.0703 2096  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:24:48.0984 2096  ACPI - ok
14:24:49.0015 2096  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:24:49.0250 2096  ACPIEC - ok
14:24:49.0328 2096  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:24:49.0453 2096  AdobeFlashPlayerUpdateSvc - ok
14:24:49.0468 2096  adpu160m - ok
14:24:49.0546 2096  [ 1EE7B434BA961EF845DE136224C30FEC ] aec            C:\WINDOWS\system32\drivers\aec.sys
14:24:50.0031 2096  aec - ok
14:24:50.0078 2096  [ 55E6E1C51B6D30E54335750955453702 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
14:24:50.0609 2096  AFD - ok
14:24:50.0625 2096  Aha154x - ok
14:24:50.0656 2096  aic78u2 - ok
14:24:50.0671 2096  aic78xx - ok
14:24:50.0703 2096  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
14:24:50.0921 2096  Alerter - ok
14:24:50.0968 2096  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG            C:\WINDOWS\System32\alg.exe
14:24:51.0187 2096  ALG - ok
14:24:51.0234 2096  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
14:24:51.0468 2096  AliIde - ok
14:24:51.0531 2096  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8          C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:24:51.0671 2096  AmdK8 - ok
14:24:51.0687 2096  amsint - ok
14:24:51.0796 2096  [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:24:51.0906 2096  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
14:24:51.0906 2096  Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
14:24:51.0921 2096  AppMgmt - ok
14:24:51.0984 2096  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:24:52.0171 2096  Arp1394 - ok
14:24:52.0187 2096  asc - ok
14:24:52.0218 2096  asc3350p - ok
14:24:52.0234 2096  asc3550 - ok
14:24:52.0328 2096  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
14:24:52.0531 2096  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
14:24:52.0531 2096  aspnet_state - detected UnsignedFile.Multi.Generic (1)
14:24:52.0562 2096  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:24:52.0734 2096  AsyncMac - ok
14:24:52.0781 2096  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
14:24:53.0000 2096  atapi - ok
14:24:53.0000 2096  Atdisk - ok
14:24:53.0078 2096  [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:24:53.0265 2096  Ati HotKey Poller - ok
14:24:53.0359 2096  [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:24:53.0812 2096  ati2mtag - ok
14:24:53.0890 2096  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:24:54.0281 2096  Atmarpc - ok
14:24:54.0328 2096  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:24:54.0531 2096  AudioSrv - ok
14:24:54.0578 2096  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
14:24:54.0843 2096  audstub - ok
14:24:54.0937 2096  [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX        C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:24:55.0171 2096  BCM43XX - ok
14:24:55.0187 2096  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:24:55.0546 2096  Beep - ok
14:24:55.0625 2096  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
14:24:58.0828 2096  BITS - ok
14:24:58.0953 2096  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser        C:\WINDOWS\System32\browser.dll
14:24:59.0125 2096  Browser - ok
14:24:59.0171 2096  [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
14:24:59.0281 2096  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:24:59.0281 2096  BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:24:59.0328 2096  [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD        C:\WINDOWS\system32\drivers\camc6aud.sys
14:24:59.0453 2096  CAMCAUD - ok
14:24:59.0500 2096  [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
14:24:59.0687 2096  CAMCHALA - ok
14:24:59.0703 2096  catchme - ok
14:24:59.0765 2096  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
14:25:00.0000 2096  cbidf2k - ok
14:25:00.0046 2096  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:25:00.0234 2096  CCDECODE - ok
14:25:00.0250 2096  cd20xrnt - ok
14:25:00.0296 2096  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
14:25:00.0796 2096  Cdaudio - ok
14:25:00.0859 2096  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:25:01.0046 2096  Cdfs - ok
14:25:01.0078 2096  [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:25:01.0125 2096  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
14:25:01.0125 2096  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
14:25:01.0171 2096  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:25:01.0343 2096  Cdrom - ok
14:25:01.0359 2096  Changer - ok
14:25:01.0406 2096  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc          C:\WINDOWS\system32\cisvc.exe
14:25:01.0656 2096  CiSvc - ok
14:25:01.0687 2096  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
14:25:01.0890 2096  ClipSrv - ok
14:25:01.0937 2096  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:25:02.0125 2096  CmBatt - ok
14:25:02.0156 2096  CmdIde - ok
14:25:02.0203 2096  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:25:02.0437 2096  Compbatt - ok
14:25:02.0453 2096  COMSysApp - ok
14:25:02.0484 2096  Cpqarray - ok
14:25:02.0531 2096  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:25:02.0718 2096  CryptSvc - ok
14:25:02.0734 2096  dac2w2k - ok
14:25:02.0750 2096  dac960nt - ok
14:25:02.0828 2096  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:25:03.0062 2096  DcomLaunch - ok
14:25:03.0109 2096  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:25:03.0718 2096  Dhcp - ok
14:25:03.0796 2096  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:25:03.0984 2096  Disk - ok
14:25:04.0000 2096  dmadmin - ok
14:25:04.0093 2096  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:25:04.0359 2096  dmboot - ok
14:25:04.0406 2096  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:25:04.0593 2096  dmio - ok
14:25:04.0640 2096  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:25:04.0859 2096  dmload - ok
14:25:04.0906 2096  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:25:05.0156 2096  dmserver - ok
14:25:05.0187 2096  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:25:05.0390 2096  DMusic - ok
14:25:05.0421 2096  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:25:05.0984 2096  Dnscache - ok
14:25:06.0000 2096  dpti2o - ok
14:25:06.0046 2096  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
14:25:06.0218 2096  drmkaud - ok
14:25:06.0265 2096  [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
14:25:06.0437 2096  eabfiltr - ok
14:25:06.0468 2096  [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
14:25:06.0562 2096  eabusb - ok
14:25:06.0609 2096  [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
14:25:06.0687 2096  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
14:25:06.0687 2096  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
14:25:06.0734 2096  [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:25:06.0843 2096  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
14:25:06.0843 2096  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
14:25:06.0890 2096  [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD        C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
14:25:06.0937 2096  ElbyVCD ( UnsignedFile.Multi.Generic ) - warning
14:25:06.0937 2096  ElbyVCD - detected UnsignedFile.Multi.Generic (1)
14:25:07.0000 2096  [ 877A4512CC9074D6954776AF47021766 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
14:25:07.0203 2096  ERSvc - ok
14:25:07.0265 2096  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
14:25:07.0468 2096  Eventlog - ok
14:25:07.0531 2096  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem    C:\WINDOWS\system32\es.dll
14:25:07.0625 2096  EventSystem - ok
14:25:07.0734 2096  [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
14:25:07.0796 2096  F-Secure Filter - ok
14:25:07.0859 2096  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
14:25:07.0921 2096  F-Secure Gatekeeper - ok
14:25:07.0968 2096  [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
14:25:08.0062 2096  F-Secure Gatekeeper Handler Starter - ok
14:25:08.0140 2096  [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS  C:\Programme\F-Secure\HIPS\drivers\fshs.sys
14:25:08.0187 2096  F-Secure HIPS - ok
14:25:08.0281 2096  [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE
14:25:08.0359 2096  F-Secure Network Request Broker - ok
14:25:08.0390 2096  [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
14:25:08.0437 2096  F-Secure Recognizer - ok
14:25:08.0468 2096  [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
14:25:08.0562 2096  FANTOM ( UnsignedFile.Multi.Generic ) - warning
14:25:08.0562 2096  FANTOM - detected UnsignedFile.Multi.Generic (1)
14:25:08.0593 2096  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
14:25:08.0828 2096  Fastfat - ok
14:25:08.0921 2096  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:25:09.0500 2096  FastUserSwitchingCompatibility - ok
14:25:09.0531 2096  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
14:25:09.0718 2096  Fdc - ok
14:25:09.0765 2096  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:25:09.0968 2096  Fips - ok
14:25:10.0015 2096  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:25:10.0187 2096  Flpydisk - ok
14:25:10.0265 2096  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:25:10.0796 2096  FltMgr - ok
14:25:10.0859 2096  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts          C:\WINDOWS\system32\Drivers\fsbts.sys
14:25:10.0906 2096  fsbts - ok
14:25:11.0000 2096  [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon        C:\Programme\F-Secure\Device Control\\fsdevcon32.exe
14:25:11.0218 2096  fsdevcon - ok
14:25:11.0343 2096  [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD          C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
14:25:11.0625 2096  FSDFWD - ok
14:25:11.0687 2096  [ D7261B0876E4238D680E96B69292B9E0 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
14:25:11.0765 2096  FSFW - ok
14:25:11.0859 2096  [ E0229353879FD33E15462B862A064FD6 ] FSMA            C:\Programme\F-Secure\Common\FSMA32.EXE
14:25:11.0984 2096  FSMA - ok
14:25:12.0078 2096  [ DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient    C:\Programme\F-Secure\ORSP Client\fsorsp.exe
14:25:12.0171 2096  FSORSPClient - ok
14:25:12.0234 2096  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:25:12.0531 2096  Fs_Rec - ok
14:25:12.0578 2096  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:25:12.0796 2096  Ftdisk - ok
14:25:12.0875 2096  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
14:25:13.0015 2096  FWLANUSB - ok
14:25:13.0062 2096  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM    C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:25:13.0125 2096  GEARAspiWDM - ok
14:25:13.0187 2096  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:25:13.0328 2096  Gpc - ok
14:25:13.0421 2096  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:25:13.0609 2096  helpsvc - ok
14:25:13.0656 2096  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ        C:\WINDOWS\System32\hidserv.dll
14:25:13.0843 2096  HidServ - ok
14:25:13.0890 2096  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:25:14.0109 2096  HidUsb - ok
14:25:14.0125 2096  hpn - ok
14:25:14.0203 2096  [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
14:25:14.0312 2096  hpqwmi ( UnsignedFile.Multi.Generic ) - warning
14:25:14.0312 2096  hpqwmi - detected UnsignedFile.Multi.Generic (1)
14:25:14.0375 2096  [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
14:25:14.0484 2096  HSFHWATI - ok
14:25:14.0578 2096  [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:25:15.0046 2096  HSF_DP - ok
14:25:15.0125 2096  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:25:15.0359 2096  HTTP - ok
14:25:15.0406 2096  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:25:15.0734 2096  HTTPFilter - ok
14:25:15.0750 2096  i2omgmt - ok
14:25:15.0765 2096  i2omp - ok
14:25:15.0828 2096  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:25:16.0015 2096  i8042prt - ok
14:25:16.0140 2096  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:25:16.0343 2096  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:25:16.0343 2096  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:25:16.0390 2096  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
14:25:16.0578 2096  Imapi - ok
14:25:16.0640 2096  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:25:16.0859 2096  ImapiService - ok
14:25:16.0875 2096  ini910u - ok
14:25:16.0921 2096  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:25:17.0093 2096  IntelIde - ok
14:25:17.0156 2096  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:25:17.0328 2096  Ip6Fw - ok
14:25:17.0375 2096  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:25:17.0578 2096  IpFilterDriver - ok
14:25:17.0609 2096  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:25:17.0796 2096  IpInIp - ok
14:25:17.0859 2096  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:25:18.0484 2096  IpNat - ok
14:25:18.0562 2096  [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
14:25:18.0765 2096  iPod Service - ok
14:25:18.0812 2096  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:25:19.0093 2096  IPSec - ok
14:25:19.0140 2096  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:25:19.0312 2096  IRENUM - ok
14:25:19.0359 2096  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:25:19.0593 2096  isapnp - ok
14:25:19.0609 2096  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:25:19.0796 2096  Kbdclass - ok
14:25:19.0859 2096  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:25:20.0406 2096  kmixer - ok
14:25:20.0468 2096  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:25:20.0609 2096  KSecDD - ok
14:25:20.0671 2096  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:25:21.0281 2096  lanmanserver - ok
14:25:21.0328 2096  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:25:21.0437 2096  lanmanworkstation - ok
14:25:21.0453 2096  lbrtfdc - ok
14:25:21.0531 2096  [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
14:25:21.0593 2096  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:25:21.0593 2096  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:25:21.0640 2096  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
14:25:21.0828 2096  LmHosts - ok
14:25:21.0875 2096  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:25:21.0937 2096  mdmxsdk - ok
14:25:21.0968 2096  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger      C:\WINDOWS\System32\msgsvc.dll
14:25:22.0171 2096  Messenger - ok
14:25:22.0234 2096  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
14:25:22.0437 2096  mnmdd - ok
14:25:22.0468 2096  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
14:25:22.0734 2096  mnmsrvc - ok
14:25:22.0812 2096  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
14:25:23.0015 2096  Modem - ok
14:25:23.0062 2096  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:25:23.0265 2096  Mouclass - ok
14:25:23.0312 2096  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:25:23.0546 2096  mouhid - ok
14:25:23.0593 2096  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:25:23.0796 2096  MountMgr - ok
14:25:23.0875 2096  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:25:23.0937 2096  MozillaMaintenance - ok
14:25:23.0968 2096  mraid35x - ok
14:25:24.0015 2096  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:25:24.0625 2096  MRxDAV - ok
14:25:24.0687 2096  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:25:25.0156 2096  MRxSmb - ok
14:25:25.0156 2096  MSCSPTISRV - ok
14:25:25.0203 2096  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
14:25:25.0421 2096  MSDTC - ok
14:25:25.0453 2096  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:25:25.0656 2096  Msfs - ok
14:25:25.0671 2096  MSIServer - ok
14:25:25.0718 2096  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:25:25.0890 2096  MSKSSRV - ok
14:25:25.0921 2096  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:25:26.0125 2096  MSPCLOCK - ok
14:25:26.0156 2096  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
14:25:26.0343 2096  MSPQM - ok
14:25:26.0375 2096  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:25:26.0562 2096  mssmbios - ok
14:25:26.0609 2096  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
14:25:26.0781 2096  MSTEE - ok
14:25:26.0890 2096  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
14:25:27.0328 2096  Mup - ok
14:25:27.0390 2096  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:25:27.0984 2096  NABTSFEC - ok
14:25:28.0031 2096  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:25:28.0421 2096  NDIS - ok
14:25:28.0484 2096  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:25:28.0796 2096  NdisIP - ok
14:25:28.0859 2096  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:25:29.0109 2096  NdisTapi - ok
14:25:29.0140 2096  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:25:29.0359 2096  Ndisuio - ok
14:25:29.0406 2096  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:25:29.0593 2096  NdisWan - ok
14:25:29.0625 2096  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
14:25:29.0828 2096  NDProxy - ok
14:25:29.0875 2096  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
14:25:30.0062 2096  NetBIOS - ok
14:25:30.0109 2096  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
14:25:30.0359 2096  NetBT - ok
14:25:30.0421 2096  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:25:30.0656 2096  NetDDE - ok
14:25:30.0671 2096  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:25:30.0859 2096  NetDDEdsdm - ok
14:25:30.0890 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:25:31.0093 2096  Netlogon - ok
14:25:31.0140 2096  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
14:25:31.0750 2096  Netman - ok
14:25:31.0812 2096  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:25:32.0000 2096  NIC1394 - ok
14:25:32.0046 2096  [ 774274C487493452DF3B0126DBE7FF3B ] Nla            C:\WINDOWS\System32\mswsock.dll
14:25:32.0218 2096  Nla - ok
14:25:32.0265 2096  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:25:32.0453 2096  Npfs - ok
14:25:32.0515 2096  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:25:33.0234 2096  Ntfs - ok
14:25:33.0281 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
14:25:33.0437 2096  NtLmSsp - ok
14:25:33.0500 2096  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
14:25:33.0890 2096  NtmsSvc - ok
14:25:33.0937 2096  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:25:34.0203 2096  Null - ok
14:25:34.0250 2096  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:25:34.0515 2096  NwlnkFlt - ok
14:25:34.0546 2096  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:25:34.0781 2096  NwlnkFwd - ok
14:25:34.0875 2096  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:25:35.0484 2096  ohci1394 - ok
14:25:35.0500 2096  PACSPTISVR - ok
14:25:35.0562 2096  [ B2F17A2EDB5450E61973A037F63A595B ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
14:25:35.0750 2096  Parport - ok
14:25:35.0781 2096  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
14:25:35.0968 2096  PartMgr - ok
14:25:36.0015 2096  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:25:36.0218 2096  ParVdm - ok
14:25:36.0265 2096  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
14:25:36.0453 2096  PCI - ok
14:25:36.0468 2096  PCIDump - ok
14:25:36.0500 2096  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:25:36.0687 2096  PCIIde - ok
14:25:36.0718 2096  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:25:36.0937 2096  Pcmcia - ok
14:25:36.0953 2096  PDCOMP - ok
14:25:36.0968 2096  PDFRAME - ok
14:25:36.0984 2096  PDRELI - ok
14:25:37.0000 2096  PDRFRAME - ok
14:25:37.0015 2096  perc2 - ok
14:25:37.0031 2096  perc2hib - ok
14:25:37.0109 2096  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:25:37.0218 2096  PlugPlay - ok
14:25:37.0250 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
14:25:37.0421 2096  PolicyAgent - ok
14:25:37.0468 2096  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:25:37.0656 2096  PptpMiniport - ok
14:25:37.0703 2096  [ F04317FB351B75233979DC65D4CEAD54 ] Processor      C:\WINDOWS\system32\DRIVERS\processr.sys
14:25:38.0281 2096  Processor - ok
14:25:38.0328 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:25:38.0500 2096  ProtectedStorage - ok
14:25:38.0562 2096  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:25:38.0734 2096  PSched - ok
14:25:38.0812 2096  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:25:39.0031 2096  Ptilink - ok
14:25:39.0093 2096  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:25:39.0140 2096  PxHelp20 - ok
14:25:39.0156 2096  ql1080 - ok
14:25:39.0171 2096  Ql10wnt - ok
14:25:39.0187 2096  ql12160 - ok
14:25:39.0218 2096  ql1240 - ok
14:25:39.0234 2096  ql1280 - ok
14:25:39.0281 2096  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:25:39.0500 2096  RasAcd - ok
14:25:39.0515 2096  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto        C:\WINDOWS\System32\rasauto.dll
14:25:39.0750 2096  RasAuto - ok
14:25:39.0796 2096  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda        C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:25:39.0968 2096  Rasirda - ok
14:25:40.0000 2096  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:25:40.0171 2096  Rasl2tp - ok
14:25:40.0218 2096  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:25:40.0828 2096  RasMan - ok
14:25:40.0875 2096  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:25:41.0078 2096  RasPppoe - ok
14:25:41.0140 2096  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:25:41.0343 2096  Raspti - ok
14:25:41.0390 2096  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:25:42.0031 2096  Rdbss - ok
14:25:42.0046 2096  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:25:42.0250 2096  RDPCDD - ok
14:25:42.0312 2096  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
14:25:42.0921 2096  RDPWD - ok
14:25:42.0968 2096  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
14:25:43.0328 2096  RDSessMgr - ok
14:25:43.0390 2096  [ AA56702E230860565CB8D43680F57F33 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
14:25:43.0578 2096  redbook - ok
14:25:43.0609 2096  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:25:43.0828 2096  RemoteAccess - ok
14:25:43.0906 2096  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:25:44.0062 2096  RpcLocator - ok
14:25:44.0109 2096  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs          C:\WINDOWS\System32\rpcss.dll
14:25:44.0406 2096  RpcSs - ok
14:25:44.0484 2096  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:25:44.0750 2096  RSVP - ok
14:25:44.0828 2096  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp      C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:25:44.0953 2096  RTL8023xp - ok
14:25:44.0984 2096  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs          C:\WINDOWS\system32\lsass.exe
14:25:45.0156 2096  SamSs - ok
14:25:45.0203 2096  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:25:45.0453 2096  SCardSvr - ok
14:25:45.0500 2096  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:25:45.0718 2096  Schedule - ok
14:25:45.0765 2096  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:25:45.0953 2096  sdbus - ok
14:25:46.0000 2096  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:25:46.0625 2096  Secdrv - ok
14:25:46.0671 2096  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:25:46.0859 2096  seclogon - ok
14:25:46.0953 2096  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
14:25:47.0609 2096  SENS - ok
14:25:47.0671 2096  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
14:25:47.0968 2096  serenum - ok
14:25:48.0015 2096  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:25:48.0218 2096  Serial - ok
14:25:48.0265 2096  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
14:25:48.0437 2096  Sfloppy - ok
14:25:48.0500 2096  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:25:48.0796 2096  SharedAccess - ok
14:25:48.0921 2096  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:25:49.0593 2096  ShellHWDetection - ok
14:25:49.0609 2096  Simbad - ok
14:25:49.0656 2096  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:25:49.0828 2096  SLIP - ok
14:25:49.0890 2096  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA        C:\WINDOWS\system32\DRIVERS\smcirda.sys
14:25:50.0078 2096  SMCIRDA - ok
14:25:50.0156 2096  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:25:50.0375 2096  SONYPVU1 - ok
14:25:50.0390 2096  Sparrow - ok
14:25:50.0437 2096  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:25:51.0031 2096  splitter - ok
14:25:51.0078 2096  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
14:25:52.0093 2096  Spooler - ok
14:25:52.0109 2096  SPTISRV - ok
14:25:52.0187 2096  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:25:52.0562 2096  sr - ok
14:25:52.0625 2096  [ E150E7618328562598F4CE0B5851B5CD ] srservice      C:\WINDOWS\system32\srsvc.dll
14:25:53.0343 2096  srservice - ok
14:25:53.0406 2096  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
14:25:53.0656 2096  Srv - ok
14:25:53.0703 2096  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
14:25:53.0890 2096  SSDPSRV - ok
14:25:53.0953 2096  [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62        C:\WINDOWS\system32\drivers\SSHDRV62.sys
14:25:54.0062 2096  SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning
14:25:54.0062 2096  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
14:25:54.0078 2096  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:25:54.0156 2096  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
14:25:54.0156 2096  ssmdrv - detected UnsignedFile.Multi.Generic (1)
14:25:54.0218 2096  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:25:54.0984 2096  stisvc - ok
14:25:55.0015 2096  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:25:55.0187 2096  streamip - ok
14:25:55.0265 2096  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:25:55.0453 2096  swenum - ok
14:25:55.0500 2096  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:25:55.0718 2096  swmidi - ok
14:25:55.0734 2096  SwPrv - ok
14:25:55.0765 2096  symc810 - ok
14:25:55.0781 2096  symc8xx - ok
14:25:55.0796 2096  sym_hi - ok
14:25:55.0812 2096  sym_u3 - ok
14:25:55.0859 2096  [ F484C77F748729129D5CC9C965D9F701 ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:25:56.0015 2096  SynTP - ok
14:25:56.0062 2096  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:25:56.0265 2096  sysaudio - ok
14:25:56.0328 2096  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
14:25:56.0593 2096  SysmonLog - ok
14:25:56.0656 2096  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
14:25:57.0390 2096  TapiSrv - ok
14:25:57.0437 2096  [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd          C:\WINDOWS\system32\drivers\tbhsd.sys
14:25:57.0484 2096  tbhsd - ok
14:25:57.0546 2096  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:25:57.0796 2096  Tcpip - ok
14:25:57.0859 2096  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:25:58.0046 2096  TDPIPE - ok
14:25:58.0078 2096  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
14:25:58.0265 2096  TDTCP - ok
14:25:58.0296 2096  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:25:58.0515 2096  TermDD - ok
14:25:58.0562 2096  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService    C:\WINDOWS\System32\termsrv.dll
14:25:58.0968 2096  TermService - ok
14:25:59.0000 2096  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:25:59.0671 2096  Themes - ok
14:25:59.0734 2096  [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
14:25:59.0859 2096  tifm21 - ok
14:25:59.0890 2096  TosIde - ok
14:25:59.0921 2096  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:26:00.0109 2096  TrkWks - ok
14:26:00.0203 2096  [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag  C:\WINDOWS\System32\TuneUpDefragService.exe
14:26:00.0406 2096  TuneUp.Defrag - ok
14:26:00.0468 2096  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:26:00.0656 2096  Udfs - ok
14:26:00.0671 2096  ultra - ok
14:26:00.0718 2096  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
14:26:00.0843 2096  UMWdf - ok
14:26:00.0921 2096  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:26:01.0265 2096  Update - ok
14:26:01.0281 2096  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr      C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:26:01.0484 2096  uploadmgr - ok
14:26:01.0531 2096  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:26:02.0203 2096  upnphost - ok
14:26:02.0265 2096  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS            C:\WINDOWS\System32\ups.exe
14:26:02.0437 2096  UPS - ok
14:26:02.0500 2096  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL        C:\WINDOWS\system32\Drivers\usbaapl.sys
14:26:02.0609 2096  USBAAPL - ok
14:26:02.0671 2096  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
14:26:02.0843 2096  usbaudio - ok
14:26:02.0890 2096  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:26:03.0078 2096  usbccgp - ok
14:26:03.0109 2096  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:26:03.0281 2096  usbehci - ok
14:26:03.0312 2096  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:26:03.0500 2096  usbhub - ok
14:26:03.0531 2096  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci        C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:26:03.0703 2096  usbohci - ok
14:26:03.0750 2096  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:26:03.0953 2096  usbprint - ok
14:26:03.0984 2096  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:26:04.0156 2096  usbscan - ok
14:26:04.0203 2096  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:26:04.0406 2096  USBSTOR - ok
14:26:04.0453 2096  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:26:04.0593 2096  usbuhci - ok
14:26:04.0656 2096  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
14:26:04.0828 2096  usbvideo - ok
14:26:04.0968 2096  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
14:26:05.0000 2096  UxTuneUp - ok
14:26:05.0062 2096  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
14:26:05.0234 2096  VgaSave - ok
14:26:05.0281 2096  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
14:26:05.0453 2096  ViaIde - ok
14:26:05.0484 2096  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
14:26:05.0718 2096  VolSnap - ok
14:26:05.0828 2096  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS            C:\WINDOWS\System32\vssvc.exe
14:26:06.0281 2096  VSS - ok
14:26:06.0359 2096  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time        C:\WINDOWS\system32\w32time.dll
14:26:06.0546 2096  W32Time - ok
14:26:06.0609 2096  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:26:06.0828 2096  Wanarp - ok
14:26:06.0843 2096  WDICA - ok
14:26:06.0890 2096  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:26:07.0562 2096  wdmaud - ok
14:26:07.0609 2096  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient      C:\WINDOWS\System32\webclnt.dll
14:26:08.0187 2096  WebClient - ok
14:26:08.0250 2096  [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:26:08.0468 2096  winachsf - ok
14:26:08.0562 2096  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
14:26:08.0750 2096  winmgmt - ok
14:26:08.0828 2096  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:26:08.0937 2096  WmdmPmSN - ok
14:26:09.0000 2096  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi        C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:26:09.0171 2096  WmiAcpi - ok
14:26:09.0250 2096  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:26:09.0531 2096  WmiApSrv - ok
14:26:09.0625 2096  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:26:09.0828 2096  wscsvc - ok
14:26:09.0875 2096  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:26:10.0062 2096  WSTCODEC - ok
14:26:10.0093 2096  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:26:10.0296 2096  wuauserv - ok
14:26:10.0359 2096  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:26:10.0656 2096  WZCSVC - ok
14:26:10.0703 2096  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
14:26:10.0875 2096  xmlprov - ok
14:26:10.0921 2096  ================ Scan global ===============================
14:26:10.0968 2096  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:26:11.0031 2096  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:26:11.0062 2096  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:26:11.0093 2096  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
14:26:11.0109 2096  [Global] - ok
14:26:11.0109 2096  ================ Scan MBR ==================================
14:26:11.0140 2096  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:26:11.0343 2096  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:26:11.0343 2096  \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:26:11.0343 2096  ================ Scan VBR ==================================
14:26:11.0359 2096  [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
14:26:11.0359 2096  \Device\Harddisk0\DR0\Partition1 - ok
14:26:11.0359 2096  ============================================================
14:26:11.0359 2096  Scan finished
14:26:11.0359 2096  ============================================================
14:26:11.0515 2088  Detected object count: 14
14:26:11.0515 2088  Actual detected object count: 14
14:27:03.0281 2088  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0281 2088  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0296 2088  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0296 2088  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0296 2088  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0296 2088  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0312 2088  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0312 2088  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0312 2088  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0312 2088  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0328 2088  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0328 2088  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0328 2088  ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0328 2088  ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0328 2088  FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0328 2088  FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0343 2088  hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0343 2088  hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0343 2088  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0343 2088  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0359 2088  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0359 2088  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0359 2088  SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0359 2088  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0375 2088  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:03.0375 2088  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:27:03.0437 2088  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
14:27:03.0453 2088  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
14:27:03.0531 2088  \Device\Harddisk0\DR0\TDLFS - deleted
14:27:03.0531 2088  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:27:23.0187 3864  Deinitialize success

And the second one after the restart:

Code:

14:29:35.0093 3528  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:29:35.0203 3528  ============================================================
14:29:35.0203 3528  Current date / time: 2012/11/08 14:29:35.0203
14:29:35.0203 3528  SystemInfo:
14:29:35.0203 3528 
14:29:35.0203 3528  OS Version: 5.1.2600 ServicePack: 2.0
14:29:35.0203 3528  Product type: Workstation
14:29:35.0203 3528  ComputerName: PC132431016427
14:29:35.0203 3528  UserName: ***
14:29:35.0203 3528  Windows directory: C:\WINDOWS
14:29:35.0203 3528  System windows directory: C:\WINDOWS
14:29:35.0203 3528  Processor architecture: Intel x86
14:29:35.0203 3528  Number of processors: 1
14:29:35.0203 3528  Page size: 0x1000
14:29:35.0203 3528  Boot type: Normal boot
14:29:35.0203 3528  ============================================================
14:29:37.0531 3528  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:29:37.0531 3528  ============================================================
14:29:37.0531 3528  \Device\Harddisk0\DR0:
14:29:37.0531 3528  MBR partitions:
14:29:37.0531 3528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
14:29:37.0531 3528  ============================================================
14:29:37.0546 3528  C: <-> \Device\Harddisk0\DR0\Partition1
14:29:37.0562 3528  ============================================================
14:29:37.0562 3528  Initialize success
14:29:37.0562 3528  ============================================================
14:30:20.0203 1820  ============================================================
14:30:20.0203 1820  Scan started
14:30:20.0203 1820  Mode: Manual; SigCheck; TDLFS;
14:30:20.0203 1820  ============================================================
14:30:20.0343 1820  ================ Scan system memory ========================
14:30:36.0984 1820  System memory - ok
14:30:36.0984 1820  ================ Scan services =============================
14:30:37.0109 1820  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:30:38.0875 1820  AAV UpdateService - ok
14:30:39.0046 1820  Abiosdsk - ok
14:30:39.0062 1820  abp480n5 - ok
14:30:39.0109 1820  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:30:39.0718 1820  ACPI - ok
14:30:39.0781 1820  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:30:41.0046 1820  ACPIEC - ok
14:30:41.0187 1820  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:30:42.0359 1820  AdobeFlashPlayerUpdateSvc - ok
14:30:42.0375 1820  adpu160m - ok
14:30:42.0468 1820  [ 1EE7B434BA961EF845DE136224C30FEC ] aec            C:\WINDOWS\system32\drivers\aec.sys
14:30:43.0312 1820  aec - ok
14:30:43.0375 1820  [ 55E6E1C51B6D30E54335750955453702 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
14:30:44.0406 1820  AFD - ok
14:30:44.0421 1820  Aha154x - ok
14:30:44.0437 1820  aic78u2 - ok
14:30:44.0468 1820  aic78xx - ok
14:30:44.0500 1820  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
14:30:45.0625 1820  Alerter - ok
14:30:45.0671 1820  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG            C:\WINDOWS\System32\alg.exe
14:30:46.0671 1820  ALG - ok
14:30:46.0703 1820  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
14:30:47.0046 1820  AliIde - ok
14:30:47.0109 1820  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8          C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:30:47.0703 1820  AmdK8 - ok
14:30:47.0718 1820  amsint - ok
14:30:47.0875 1820  [ 69DA2BB73AC426CDEEBDACC68438BA3D ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:30:48.0046 1820  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
14:30:48.0046 1820  Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
14:30:48.0062 1820  AppMgmt - ok
14:30:48.0125 1820  [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:30:48.0875 1820  Arp1394 - ok
14:30:48.0890 1820  asc - ok
14:30:48.0906 1820  asc3350p - ok
14:30:48.0921 1820  asc3550 - ok
14:30:49.0031 1820  [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
14:30:49.0562 1820  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
14:30:49.0562 1820  aspnet_state - detected UnsignedFile.Multi.Generic (1)
14:30:49.0593 1820  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:30:50.0140 1820  AsyncMac - ok
14:30:50.0187 1820  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
14:30:50.0421 1820  atapi - ok
14:30:50.0437 1820  Atdisk - ok
14:30:50.0515 1820  [ E548EB303255721145418F85B77B9D8A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:30:51.0109 1820  Ati HotKey Poller - ok
14:30:51.0250 1820  [ 6EF070828E7B8C6F45D8F0E9CE28CA8B ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:30:52.0046 1820  ati2mtag - ok
14:30:52.0187 1820  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:30:52.0750 1820  Atmarpc - ok
14:30:52.0812 1820  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:30:53.0062 1820  AudioSrv - ok
14:30:53.0125 1820  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
14:30:53.0421 1820  audstub - ok
14:30:53.0500 1820  [ FA4A4A50B4B2647AFEDC676CC68C69CC ] BCM43XX        C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:30:53.0859 1820  BCM43XX - ok
14:30:53.0906 1820  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:30:54.0437 1820  Beep - ok
14:30:54.0500 1820  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
14:30:57.0671 1820  BITS - ok
14:30:57.0734 1820  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser        C:\WINDOWS\System32\browser.dll
14:30:58.0093 1820  Browser - ok
14:30:58.0156 1820  [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
14:30:58.0671 1820  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:30:58.0671 1820  BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:30:58.0718 1820  [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD        C:\WINDOWS\system32\drivers\camc6aud.sys
14:30:58.0906 1820  CAMCAUD - ok
14:30:59.0000 1820  [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
14:30:59.0453 1820  CAMCHALA - ok
14:30:59.0484 1820  catchme - ok
14:30:59.0515 1820  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
14:31:00.0062 1820  cbidf2k - ok
14:31:00.0109 1820  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:31:00.0328 1820  CCDECODE - ok
14:31:00.0328 1820  cd20xrnt - ok
14:31:00.0375 1820  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
14:31:00.0968 1820  Cdaudio - ok
14:31:01.0093 1820  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:31:01.0640 1820  Cdfs - ok
14:31:01.0687 1820  [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:31:01.0859 1820  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
14:31:01.0859 1820  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
14:31:01.0906 1820  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:31:02.0234 1820  Cdrom - ok
14:31:02.0250 1820  Changer - ok
14:31:02.0281 1820  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc          C:\WINDOWS\system32\cisvc.exe
14:31:02.0531 1820  CiSvc - ok
14:31:02.0562 1820  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
14:31:03.0109 1820  ClipSrv - ok
14:31:03.0203 1820  [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:31:03.0453 1820  CmBatt - ok
14:31:03.0468 1820  CmdIde - ok
14:31:03.0531 1820  [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:31:03.0859 1820  Compbatt - ok
14:31:03.0875 1820  COMSysApp - ok
14:31:03.0890 1820  Cpqarray - ok
14:31:03.0937 1820  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:31:04.0500 1820  CryptSvc - ok
14:31:04.0515 1820  dac2w2k - ok
14:31:04.0515 1820  dac960nt - ok
14:31:04.0593 1820  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:31:04.0921 1820  DcomLaunch - ok
14:31:04.0984 1820  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:31:05.0656 1820  Dhcp - ok
14:31:05.0718 1820  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:31:05.0875 1820  Disk - ok
14:31:05.0890 1820  dmadmin - ok
14:31:05.0968 1820  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:31:06.0281 1820  dmboot - ok
14:31:06.0312 1820  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:31:06.0546 1820  dmio - ok
14:31:06.0593 1820  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:31:07.0703 1820  dmload - ok
14:31:07.0796 1820  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:31:08.0156 1820  dmserver - ok
14:31:08.0203 1820  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:31:08.0390 1820  DMusic - ok
14:31:08.0421 1820  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:31:09.0062 1820  Dnscache - ok
14:31:09.0078 1820  dpti2o - ok
14:31:09.0125 1820  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
14:31:09.0312 1820  drmkaud - ok
14:31:09.0343 1820  [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
14:31:09.0578 1820  eabfiltr - ok
14:31:09.0609 1820  [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
14:31:09.0703 1820  eabusb - ok
14:31:09.0765 1820  [ 59C9E1336A4508F059827D638E924C62 ] ElbyCDFL        C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
14:31:09.0921 1820  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
14:31:09.0921 1820  ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
14:31:09.0968 1820  [ 389823DB299B350F2EE830D47376EEAC ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:31:10.0046 1820  ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
14:31:10.0046 1820  ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
14:31:10.0093 1820  [ C4143FC2F7D39A5A8B1CFE0BC4BD8A9E ] ElbyVCD        C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
14:31:10.0156 1820  ElbyVCD ( UnsignedFile.Multi.Generic ) - warning
14:31:10.0156 1820  ElbyVCD - detected UnsignedFile.Multi.Generic (1)
14:31:10.0203 1820  [ 877A4512CC9074D6954776AF47021766 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
14:31:10.0375 1820  ERSvc - ok
14:31:10.0421 1820  [ A07CA23EA361A01E627D911CF139B950 ] Eventlog        C:\WINDOWS\system32\services.exe
14:31:10.0687 1820  Eventlog - ok
14:31:10.0750 1820  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem    C:\WINDOWS\system32\es.dll
14:31:10.0937 1820  EventSystem - ok
14:31:11.0078 1820  [ 4A076E190BB9DC3202D95D496878923C ] F-Secure Filter C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
14:31:11.0203 1820  F-Secure Filter - ok
14:31:11.0265 1820  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
14:31:11.0375 1820  F-Secure Gatekeeper - ok
14:31:11.0406 1820  [ 45A0A9A8415DF0C22D0A683D798968CD ] F-Secure Gatekeeper Handler Starter C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
14:31:11.0500 1820  F-Secure Gatekeeper Handler Starter - ok
14:31:11.0578 1820  [ 51B6194B06F8373C7BE83F507F94F405 ] F-Secure HIPS  C:\Programme\F-Secure\HIPS\drivers\fshs.sys
14:31:11.0625 1820  F-Secure HIPS - ok
14:31:11.0703 1820  [ 3F3EC2023F3F5C8ADEE89FC21D67FA8B ] F-Secure Network Request Broker C:\Programme\F-Secure\Common\FNRB32.EXE
14:31:11.0781 1820  F-Secure Network Request Broker - ok
14:31:11.0843 1820  [ 958C6C79676E34582CFD3DA2B32CB343 ] F-Secure Recognizer C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
14:31:11.0921 1820  F-Secure Recognizer - ok
14:31:11.0968 1820  [ E3B0CD18146F9D51A34969E9BC2458D2 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
14:31:12.0125 1820  FANTOM ( UnsignedFile.Multi.Generic ) - warning
14:31:12.0125 1820  FANTOM - detected UnsignedFile.Multi.Generic (1)
14:31:12.0171 1820  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
14:31:12.0406 1820  Fastfat - ok
14:31:12.0453 1820  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:31:13.0015 1820  FastUserSwitchingCompatibility - ok
14:31:13.0062 1820  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
14:31:13.0234 1820  Fdc - ok
14:31:13.0265 1820  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:31:13.0468 1820  Fips - ok
14:31:13.0515 1820  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:31:13.0812 1820  Flpydisk - ok
14:31:14.0015 1820  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:31:14.0656 1820  FltMgr - ok
14:31:14.0703 1820  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts          C:\WINDOWS\system32\Drivers\fsbts.sys
14:31:14.0750 1820  fsbts - ok
14:31:14.0875 1820  [ 00F5156562FEA93C8CAF5EACC0B9524F ] fsdevcon        C:\Programme\F-Secure\Device Control\\fsdevcon32.exe
14:31:15.0062 1820  fsdevcon - ok
14:31:15.0156 1820  [ AA59C15C31B53A4F26B165737B2E4FEB ] FSDFWD          C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
14:31:15.0406 1820  FSDFWD - ok
14:31:15.0437 1820  [ D7261B0876E4238D680E96B69292B9E0 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
14:31:15.0515 1820  FSFW - ok
14:31:15.0562 1820  [ E0229353879FD33E15462B862A064FD6 ] FSMA            C:\Programme\F-Secure\Common\FSMA32.EXE
14:31:15.0640 1820  FSMA - ok
14:31:15.0718 1820  [ DD4A7ECF77AD120310648602C0B262EC ] FSORSPClient    C:\Programme\F-Secure\ORSP Client\fsorsp.exe
14:31:15.0781 1820  FSORSPClient - ok
14:31:15.0843 1820  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:31:16.0062 1820  Fs_Rec - ok
14:31:16.0109 1820  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:31:16.0390 1820  Ftdisk - ok
14:31:16.0437 1820  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
14:31:16.0625 1820  FWLANUSB - ok
14:31:16.0656 1820  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM    C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:31:16.0734 1820  GEARAspiWDM - ok
14:31:16.0812 1820  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:31:16.0984 1820  Gpc - ok
14:31:17.0093 1820  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:31:17.0296 1820  helpsvc - ok
14:31:17.0343 1820  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ        C:\WINDOWS\System32\hidserv.dll
14:31:17.0562 1820  HidServ - ok
14:31:17.0609 1820  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:31:17.0843 1820  HidUsb - ok
14:31:17.0859 1820  hpn - ok
14:31:17.0953 1820  [ 7463E7CBDF29B50ACB90574D5769A160 ] hpqwmi          C:\Programme\HPQ\SHARED\HPQWMI.exe
14:31:18.0031 1820  hpqwmi ( UnsignedFile.Multi.Generic ) - warning
14:31:18.0031 1820  hpqwmi - detected UnsignedFile.Multi.Generic (1)
14:31:18.0093 1820  [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
14:31:18.0312 1820  HSFHWATI - ok
14:31:18.0390 1820  [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:31:18.0843 1820  HSF_DP - ok
14:31:19.0000 1820  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:31:19.0390 1820  HTTP - ok
14:31:19.0437 1820  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:31:19.0718 1820  HTTPFilter - ok
14:31:19.0734 1820  i2omgmt - ok
14:31:19.0750 1820  i2omp - ok
14:31:19.0812 1820  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:31:20.0000 1820  i8042prt - ok
14:31:20.0109 1820  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:31:20.0421 1820  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:31:20.0421 1820  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:31:20.0453 1820  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
14:31:20.0656 1820  Imapi - ok
14:31:20.0718 1820  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:31:20.0921 1820  ImapiService - ok
14:31:20.0953 1820  ini910u - ok
14:31:21.0015 1820  [ D63C33F65F6EBC732116403D88883B2D ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:31:21.0203 1820  IntelIde - ok
14:31:21.0265 1820  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:31:21.0468 1820  Ip6Fw - ok
14:31:21.0515 1820  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:31:21.0703 1820  IpFilterDriver - ok
14:31:21.0750 1820  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:31:21.0921 1820  IpInIp - ok
14:31:21.0968 1820  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:31:22.0500 1820  IpNat - ok
14:31:22.0593 1820  [ E1BD28CA09EE8F30E8EDBD6C19F5579D ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
14:31:22.0781 1820  iPod Service - ok
14:31:22.0828 1820  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:31:23.0109 1820  IPSec - ok
14:31:23.0156 1820  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:31:23.0343 1820  IRENUM - ok
14:31:23.0406 1820  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:31:23.0640 1820  isapnp - ok
14:31:23.0671 1820  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:31:23.0859 1820  Kbdclass - ok
14:31:23.0906 1820  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:31:24.0531 1820  kmixer - ok
14:31:24.0578 1820  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:31:24.0718 1820  KSecDD - ok
14:31:24.0812 1820  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:31:25.0468 1820  lanmanserver - ok
14:31:25.0515 1820  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:31:25.0671 1820  lanmanworkstation - ok
14:31:25.0671 1820  lbrtfdc - ok
14:31:25.0750 1820  [ C12476DE1AFFB1BBA1A48A459CEB3D39 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
14:31:25.0828 1820  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:31:25.0828 1820  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:31:25.0859 1820  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
14:31:26.0046 1820  LmHosts - ok
14:31:26.0078 1820  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:31:26.0140 1820  mdmxsdk - ok
14:31:26.0203 1820  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger      C:\WINDOWS\System32\msgsvc.dll
14:31:26.0406 1820  Messenger - ok
14:31:26.0453 1820  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
14:31:26.0656 1820  mnmdd - ok
14:31:26.0703 1820  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
14:31:27.0015 1820  mnmsrvc - ok
14:31:27.0093 1820  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
14:31:27.0296 1820  Modem - ok
14:31:27.0343 1820  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:31:27.0562 1820  Mouclass - ok
14:31:27.0609 1820  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:31:27.0859 1820  mouhid - ok
14:31:27.0906 1820  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:31:28.0250 1820  MountMgr - ok
14:31:28.0328 1820  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:31:28.0390 1820  MozillaMaintenance - ok
14:31:28.0406 1820  mraid35x - ok
14:31:28.0453 1820  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:31:29.0109 1820  MRxDAV - ok
14:31:29.0187 1820  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:31:29.0515 1820  MRxSmb - ok
14:31:29.0531 1820  MSCSPTISRV - ok
14:31:29.0578 1820  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
14:31:29.0796 1820  MSDTC - ok
14:31:29.0828 1820  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:31:30.0093 1820  Msfs - ok
14:31:30.0109 1820  MSIServer - ok
14:31:30.0140 1820  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:31:30.0312 1820  MSKSSRV - ok
14:31:30.0343 1820  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:31:30.0531 1820  MSPCLOCK - ok
14:31:30.0562 1820  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
14:31:30.0750 1820  MSPQM - ok
14:31:30.0796 1820  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:31:30.0984 1820  mssmbios - ok
14:31:31.0031 1820  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
14:31:31.0203 1820  MSTEE - ok
14:31:31.0218 1820  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
14:31:31.0671 1820  Mup - ok
14:31:31.0734 1820  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:31:31.0968 1820  NABTSFEC - ok
14:31:32.0000 1820  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:31:32.0296 1820  NDIS - ok
14:31:32.0343 1820  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:31:32.0515 1820  NdisIP - ok
14:31:32.0546 1820  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:31:32.0734 1820  NdisTapi - ok
14:31:32.0765 1820  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:31:32.0968 1820  Ndisuio - ok
14:31:33.0031 1820  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:31:33.0281 1820  NdisWan - ok
14:31:33.0312 1820  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
14:31:33.0531 1820  NDProxy - ok
14:31:33.0593 1820  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
14:31:33.0781 1820  NetBIOS - ok
14:31:33.0812 1820  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
14:31:34.0062 1820  NetBT - ok
14:31:34.0125 1820  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:31:34.0359 1820  NetDDE - ok
14:31:34.0375 1820  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:31:34.0578 1820  NetDDEdsdm - ok
14:31:34.0593 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:31:34.0843 1820  Netlogon - ok
14:31:34.0875 1820  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
14:31:35.0562 1820  Netman - ok
14:31:35.0609 1820  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:31:35.0796 1820  NIC1394 - ok
14:31:35.0843 1820  [ 774274C487493452DF3B0126DBE7FF3B ] Nla            C:\WINDOWS\System32\mswsock.dll
14:31:36.0000 1820  Nla - ok
14:31:36.0031 1820  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:31:36.0218 1820  Npfs - ok
14:31:36.0281 1820  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:31:36.0984 1820  Ntfs - ok
14:31:37.0015 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
14:31:37.0156 1820  NtLmSsp - ok
14:31:37.0218 1820  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
14:31:37.0484 1820  NtmsSvc - ok
14:31:37.0531 1820  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:31:37.0796 1820  Null - ok
14:31:37.0843 1820  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:31:38.0093 1820  NwlnkFlt - ok
14:31:38.0140 1820  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:31:38.0390 1820  NwlnkFwd - ok
14:31:38.0468 1820  [ 197DDF60B254A84D8656850397B5F923 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:31:39.0078 1820  ohci1394 - ok
14:31:39.0078 1820  PACSPTISVR - ok
14:31:39.0140 1820  [ B2F17A2EDB5450E61973A037F63A595B ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
14:31:39.0328 1820  Parport - ok
14:31:39.0375 1820  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
14:31:39.0562 1820  PartMgr - ok
14:31:39.0609 1820  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:31:39.0796 1820  ParVdm - ok
14:31:39.0828 1820  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
14:31:40.0031 1820  PCI - ok
14:31:40.0031 1820  PCIDump - ok
14:31:40.0078 1820  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:31:40.0250 1820  PCIIde - ok
14:31:40.0296 1820  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:31:40.0515 1820  Pcmcia - ok
14:31:40.0531 1820  PDCOMP - ok
14:31:40.0546 1820  PDFRAME - ok
14:31:40.0562 1820  PDRELI - ok
14:31:40.0578 1820  PDRFRAME - ok
14:31:40.0593 1820  perc2 - ok
14:31:40.0609 1820  perc2hib - ok
14:31:40.0687 1820  [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:31:40.0812 1820  PlugPlay - ok
14:31:40.0843 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
14:31:41.0000 1820  PolicyAgent - ok
14:31:41.0031 1820  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:31:41.0218 1820  PptpMiniport - ok
14:31:41.0250 1820  [ F04317FB351B75233979DC65D4CEAD54 ] Processor      C:\WINDOWS\system32\DRIVERS\processr.sys
14:31:41.0828 1820  Processor - ok
14:31:41.0843 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:31:42.0000 1820  ProtectedStorage - ok
14:31:42.0031 1820  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:31:42.0265 1820  PSched - ok
14:31:42.0312 1820  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:31:42.0500 1820  Ptilink - ok
14:31:42.0562 1820  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:31:42.0609 1820  PxHelp20 - ok
14:31:42.0609 1820  ql1080 - ok
14:31:42.0625 1820  Ql10wnt - ok
14:31:42.0640 1820  ql12160 - ok
14:31:42.0656 1820  ql1240 - ok
14:31:42.0671 1820  ql1280 - ok
14:31:42.0734 1820  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:31:42.0937 1820  RasAcd - ok
14:31:42.0953 1820  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto        C:\WINDOWS\System32\rasauto.dll
14:31:43.0140 1820  RasAuto - ok
14:31:43.0171 1820  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda        C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:31:43.0359 1820  Rasirda - ok
14:31:43.0390 1820  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:31:43.0562 1820  Rasl2tp - ok
14:31:43.0609 1820  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:31:44.0250 1820  RasMan - ok
14:31:44.0281 1820  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:31:44.0484 1820  RasPppoe - ok
14:31:44.0531 1820  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:31:44.0734 1820  Raspti - ok
14:31:44.0796 1820  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:31:45.0531 1820  Rdbss - ok
14:31:45.0578 1820  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:31:45.0765 1820  RDPCDD - ok
14:31:45.0859 1820  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
14:31:46.0562 1820  RDPWD - ok
14:31:46.0609 1820  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
14:31:46.0968 1820  RDSessMgr - ok
14:31:47.0015 1820  [ AA56702E230860565CB8D43680F57F33 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
14:31:47.0203 1820  redbook - ok
14:31:47.0250 1820  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:31:47.0453 1820  RemoteAccess - ok
14:31:47.0484 1820  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:31:47.0640 1820  RpcLocator - ok
14:31:47.0687 1820  [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs          C:\WINDOWS\System32\rpcss.dll
14:31:48.0062 1820  RpcSs - ok
14:31:48.0125 1820  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:31:48.0421 1820  RSVP - ok
14:31:48.0468 1820  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp      C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:31:48.0609 1820  RTL8023xp - ok
14:31:48.0640 1820  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs          C:\WINDOWS\system32\lsass.exe
14:31:48.0812 1820  SamSs - ok
14:31:48.0937 1820  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:31:49.0140 1820  SCardSvr - ok
14:31:49.0218 1820  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:31:49.0406 1820  Schedule - ok
14:31:49.0453 1820  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:31:49.0656 1820  sdbus - ok
14:31:49.0703 1820  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:31:50.0328 1820  Secdrv - ok
14:31:50.0375 1820  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:31:50.0546 1820  seclogon - ok
14:31:50.0593 1820  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
14:31:51.0250 1820  SENS - ok
14:31:51.0296 1820  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
14:31:51.0593 1820  serenum - ok
14:31:51.0625 1820  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:31:51.0812 1820  Serial - ok
14:31:51.0859 1820  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
14:31:52.0031 1820  Sfloppy - ok
14:31:52.0093 1820  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:31:52.0406 1820  SharedAccess - ok
14:31:52.0437 1820  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:31:53.0062 1820  ShellHWDetection - ok
14:31:53.0078 1820  Simbad - ok
14:31:53.0125 1820  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:31:53.0312 1820  SLIP - ok
14:31:53.0375 1820  [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA        C:\WINDOWS\system32\DRIVERS\smcirda.sys
14:31:53.0500 1820  SMCIRDA - ok
14:31:53.0562 1820  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:31:53.0765 1820  SONYPVU1 - ok
14:31:53.0765 1820  Sparrow - ok
14:31:53.0796 1820  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:31:54.0453 1820  splitter - ok
14:31:54.0484 1820  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
14:31:55.0531 1820  Spooler - ok
14:31:55.0546 1820  SPTISRV - ok
14:31:55.0609 1820  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:31:55.0921 1820  sr - ok
14:31:55.0968 1820  [ E150E7618328562598F4CE0B5851B5CD ] srservice      C:\WINDOWS\system32\srsvc.dll
14:31:56.0718 1820  srservice - ok
14:31:56.0843 1820  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
14:31:57.0281 1820  Srv - ok
14:31:57.0328 1820  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
14:31:57.0640 1820  SSDPSRV - ok
14:31:57.0718 1820  [ 5FFB52404158ABC5D9FF4081BCD67033 ] SSHDRV62        C:\WINDOWS\system32\drivers\SSHDRV62.sys
14:31:57.0781 1820  SSHDRV62 ( UnsignedFile.Multi.Generic ) - warning
14:31:57.0781 1820  SSHDRV62 - detected UnsignedFile.Multi.Generic (1)
14:31:57.0828 1820  [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:31:57.0890 1820  ssmdrv ( UnsignedFile.Multi.Generic ) - warning
14:31:57.0890 1820  ssmdrv - detected UnsignedFile.Multi.Generic (1)
14:31:57.0953 1820  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:31:58.0671 1820  stisvc - ok
14:31:58.0703 1820  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:31:58.0875 1820  streamip - ok
14:31:58.0921 1820  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:31:59.0125 1820  swenum - ok
14:31:59.0156 1820  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:31:59.0390 1820  swmidi - ok
14:31:59.0406 1820  SwPrv - ok
14:31:59.0421 1820  symc810 - ok
14:31:59.0437 1820  symc8xx - ok
14:31:59.0453 1820  sym_hi - ok
14:31:59.0468 1820  sym_u3 - ok
14:31:59.0515 1820  [ F484C77F748729129D5CC9C965D9F701 ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:31:59.0640 1820  SynTP - ok
14:31:59.0687 1820  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:31:59.0875 1820  sysaudio - ok
14:31:59.0921 1820  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
14:32:00.0156 1820  SysmonLog - ok
14:32:00.0218 1820  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
14:32:00.0906 1820  TapiSrv - ok
14:32:00.0968 1820  [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd          C:\WINDOWS\system32\drivers\tbhsd.sys
14:32:01.0000 1820  tbhsd - ok
14:32:01.0062 1820  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:32:01.0265 1820  Tcpip - ok
14:32:01.0328 1820  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:32:01.0500 1820  TDPIPE - ok
14:32:01.0531 1820  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
14:32:01.0718 1820  TDTCP - ok
14:32:01.0765 1820  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:32:01.0968 1820  TermDD - ok
14:32:02.0046 1820  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService    C:\WINDOWS\System32\termsrv.dll
14:32:02.0359 1820  TermService - ok
14:32:02.0390 1820  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:32:03.0062 1820  Themes - ok
14:32:03.0140 1820  [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
14:32:03.0281 1820  tifm21 - ok
14:32:03.0296 1820  TosIde - ok
14:32:03.0343 1820  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:32:03.0562 1820  TrkWks - ok
14:32:03.0625 1820  [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag  C:\WINDOWS\System32\TuneUpDefragService.exe
14:32:03.0828 1820  TuneUp.Defrag - ok
14:32:03.0890 1820  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:32:04.0078 1820  Udfs - ok
14:32:04.0093 1820  ultra - ok
14:32:04.0140 1820  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
14:32:04.0234 1820  UMWdf - ok
14:32:04.0281 1820  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:32:04.0578 1820  Update - ok
14:32:04.0609 1820  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr      C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:32:04.0781 1820  uploadmgr - ok
14:32:04.0859 1820  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:32:05.0562 1820  upnphost - ok
14:32:05.0609 1820  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS            C:\WINDOWS\System32\ups.exe
14:32:05.0812 1820  UPS - ok
14:32:05.0859 1820  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL        C:\WINDOWS\system32\Drivers\usbaapl.sys
14:32:05.0968 1820  USBAAPL - ok
14:32:06.0031 1820  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
14:32:06.0234 1820  usbaudio - ok
14:32:06.0265 1820  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:32:06.0453 1820  usbccgp - ok
14:32:06.0484 1820  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:32:06.0656 1820  usbehci - ok
14:32:06.0687 1820  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:32:06.0890 1820  usbhub - ok
14:32:06.0921 1820  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci        C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:32:07.0078 1820  usbohci - ok
14:32:07.0109 1820  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:32:07.0281 1820  usbprint - ok
14:32:07.0312 1820  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:32:07.0500 1820  usbscan - ok
14:32:07.0531 1820  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:32:07.0734 1820  USBSTOR - ok
14:32:07.0781 1820  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:32:07.0953 1820  usbuhci - ok
14:32:08.0000 1820  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
14:32:08.0250 1820  usbvideo - ok
14:32:08.0296 1820  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
14:32:08.0343 1820  UxTuneUp - ok
14:32:08.0390 1820  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
14:32:08.0578 1820  VgaSave - ok
14:32:08.0609 1820  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
14:32:08.0781 1820  ViaIde - ok
14:32:08.0843 1820  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
14:32:09.0062 1820  VolSnap - ok
14:32:09.0140 1820  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS            C:\WINDOWS\System32\vssvc.exe
14:32:09.0546 1820  VSS - ok
14:32:09.0625 1820  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time        C:\WINDOWS\system32\w32time.dll
14:32:09.0812 1820  W32Time - ok
14:32:09.0859 1820  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:32:10.0046 1820  Wanarp - ok
14:32:10.0062 1820  WDICA - ok
14:32:10.0093 1820  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:32:10.0781 1820  wdmaud - ok
14:32:10.0843 1820  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient      C:\WINDOWS\System32\webclnt.dll
14:32:11.0515 1820  WebClient - ok
14:32:11.0578 1820  [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:32:11.0765 1820  winachsf - ok
14:32:11.0875 1820  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
14:32:12.0109 1820  winmgmt - ok
14:32:12.0187 1820  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:32:12.0281 1820  WmdmPmSN - ok
14:32:12.0343 1820  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi        C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:32:12.0515 1820  WmiAcpi - ok
14:32:12.0562 1820  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:32:12.0812 1820  WmiApSrv - ok
14:32:12.0906 1820  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:32:13.0109 1820  wscsvc - ok
14:32:13.0140 1820  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:32:13.0328 1820  WSTCODEC - ok
14:32:13.0375 1820  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:32:13.0562 1820  wuauserv - ok
14:32:13.0609 1820  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:32:13.0937 1820  WZCSVC - ok
14:32:13.0968 1820  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
14:32:14.0156 1820  xmlprov - ok
14:32:14.0187 1820  ================ Scan global ===============================
14:32:14.0218 1820  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
14:32:14.0281 1820  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:32:14.0312 1820  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
14:32:14.0328 1820  [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
14:32:14.0343 1820  [Global] - ok
14:32:14.0343 1820  ================ Scan MBR ==================================
14:32:14.0359 1820  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:32:14.0593 1820  \Device\Harddisk0\DR0 - ok
14:32:14.0593 1820  ================ Scan VBR ==================================
14:32:14.0593 1820  [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
14:32:14.0609 1820  \Device\Harddisk0\DR0\Partition1 - ok
14:32:14.0609 1820  ============================================================
14:32:14.0609 1820  Scan finished
14:32:14.0609 1820  ============================================================
14:32:14.0750 1772  Detected object count: 13
14:32:14.0750 1772  Actual detected object count: 13
14:32:33.0531 1772  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0531 1772  Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0546 1772  ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0546 1772  ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772  ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772  FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772  hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0562 1772  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0562 1772  SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0578 1772  SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:33.0578 1772  ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:33.0578 1772  ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:33:44.0000 3516  Deinitialize success


cosinus 08.11.2012 14:56

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: Illegal operation attempted on a registry key that has been marked for deletion.)
then restart Windows manually and the error messages should no longer appear.

Archivar 08.11.2012 15:23

I can't get f-secure turned off. I "disabled" f-secure via Run -> msconfig and rebooted, but I still got an "Achtung!!" message from CF saying that f-secure is still active.

Do you know how to turn f-secure off?

cosinus 08.11.2012 16:38

No, not off the top of my head. F-Secure is also fairly exotic. Why don't you just look it up in the manual?!

Archivar 08.11.2012 16:57

It seems to have changed. I was always able to turn f-secure off by clicking "Disable" on the f-secure icon in the taskbar. But somehow that command no longer exists... possibly since some updates or so... I can't find any helpful hints on Google etc. either...

cosinus 08.11.2012 17:11

Then uninstall F-Secure. I know hardly anyone who uses it, so if you have problems there is practically no one you can ask, because hardly anyone uses it. Or do you want to call F-Secure support every time? :rofl:

Archivar 08.11.2012 17:39

I managed to turn it off after all... why is it so exotic, anyway? Which antivirus would you recommend to me?

The CF log:

Combofix Logfile:
Code:

ComboFix 12-11-08.01 - *** 08.11.2012  17:13:44.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.894.474 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***.PC132431016427\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.32 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 9.32 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Hehou
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Hehou\iqdu.qis
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Oztavo
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Oztavo\poar.myx
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Qovo
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Qovo\buyml.uto
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Sky-Banners
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Sky-Banners\skb\log.xml
c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Street-Ads
c:\dokumente und einstellungen\***.PC132431016427\WINDOWS
c:\programme\$NtUninstallWTF1012$
C:\SystemData
c:\systemdata\79228921F3FF2A4
c:\windows\$NtUninstallMTF1011$
c:\windows\IsUn0407.exe
c:\windows\offitems.log
c:\windows\system32\logs
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-08 bis 2012-11-08  ))))))))))))))))))))))))))))))
.
.
2012-11-08 13:27 . 2012-11-08 13:27        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-11-07 15:01 . 2012-11-07 15:01        --------        d-----w-        c:\dokumente und einstellungen\***.PC132431016427.alt
2012-11-07 14:53 . 2012-11-07 14:54        --------        d-----w-        c:\dokumente und einstellungen\***ie
2012-11-03 12:20 . 2012-11-03 12:20        --------        d-----w-        C:\Mozilla
2012-11-03 12:15 . 2012-11-07 14:52        --------        d-----w-        c:\dokumente und einstellungen\***.PC132431016427.002.OLD
2012-11-03 12:13 . 2012-11-03 12:14        --------        d-----w-        c:\dokumente und einstellungen\***.PC132431016427.001.OLD
2012-11-03 12:04 . 2012-11-03 12:05        --------        d-----w-        c:\dokumente und einstellungen\***.PC132431016427.000.OLD
2012-11-03 12:04 . 2012-11-03 12:04        --------        d-----w-        c:\dokumente und einstellungen\***.PC132431016427.OLD
2012-11-03 11:57 . 2012-11-03 12:20        --------        d-----w-        c:\dokumente und einstellungen\TEMP
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 17:32 . 2010-11-25 12:40        44240        ----a-w-        c:\windows\system32\drivers\fsbts.sys
2012-11-01 19:10 . 2012-11-01 19:09        261600        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\programme\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"F-Secure TNB"="c:\programme\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
"F-Secure Manager"="c:\programme\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\
Microsoft-Indexerstellung.lnk - c:\programme\Microsoft Office\Office\FINDFAST.EXE [1996-12-14 111376]
Office-Start.lnk - c:\programme\Microsoft Office\Office\OSA.EXE [1996-12-14 51984]
.
c:\dokumente und einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\
Microsoft-Indexerstellung.lnk - c:\programme\Microsoft Office\Office\FINDFAST.EXE [1996-12-14 111376]
Office-Start.lnk - c:\programme\Microsoft Office\Office\OSA.EXE [1996-12-14 51984]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.exe.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"CanonMyPrinter"=c:\programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CloneCDTray"="c:\programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"CloneCDElbyCDFL"="c:\programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"hpWirelessAssistant"=c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 11:43 22016]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [25.11.2010 13:40 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [25.11.2010 13:40 82992]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programme\F-Secure\HIPS\drivers\fshs.sys [25.11.2010 13:39 71664]
R1 SSHDRV62;SSHDRV62;c:\windows\system32\drivers\SSHDRV62.sys [02.08.2006 10:54 108032]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 15:35 128296]
R2 fsdevcon;F-Secure Device Control Daemon;c:\programme\F-Secure\Device Control\fsdevcon32.exe [27.09.2012 18:21 403184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [25.11.2010 13:39 144440]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22.08.2005 10:06 231424]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [29.07.2008 14:09 39424]
S3 FSORSPClient;F-Secure ORSP Client;c:\programme\F-Secure\ORSP Client\fsorsp.exe [25.11.2010 13:39 61168]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [18.11.2009 12:16 264704]
S4 F-Secure Filter;F-Secure File System Filter;c:\programme\F-Secure\Anti-Virus\win2k\fsfilter.sys [27.09.2012 18:21 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programme\F-Secure\Anti-Virus\win2k\fsrec.sys [27.09.2012 18:21 26352]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 09:55        7680        ----a-w-        c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-08 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-11 09:54]
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:55]
.
2012-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 145.254.22.10:8000
uInternet Settings,ProxyOverride = <local>
LSP: c:\programme\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387
FF - ProfilePath - c:\dokumente und einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Canon PhotoStitch 3.1 - c:\windows\IsUn0407.exe
AddRemove-Easy-PhotoPrint - c:\windows\ISUN0407.EXE
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-08 17:22
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe????????????8?3?8?6??????? ???B?????????????hLC????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\programme\f-secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\programme\F-Secure\FSPS\program\fslsp.dll
c:\programme\f-secure\hips\fshook32.dll
.
Zeit der Fertigstellung: 2012-11-08  17:25:10
ComboFix-quarantined-files.txt  2012-11-08 16:24
ComboFix2.txt  2010-06-01 20:03
.
Vor Suchlauf: 793.137.152 Bytes frei
Nach Suchlauf: 894.676.992 Bytes frei
.
- - End Of File - - 3ED05CE8CAB76EC342AFEED67A329564

--- --- ---

cosinus 08.11.2012 19:09

Quote:

Which antivirus would you recommend to me, then?
Avast is quite usable... and if anything, only a pure virus scanner, not an overblown, counterproductive all-in-one package - that just puts extra load on the system without being any better than the combination of a pure virus scanner and the Windows Firewall

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Archivar 08.11.2012 21:24

Here is the log:

Code:

# AdwCleaner v2.007 - Datei am 08/11/2012 um 21:18:19 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : *** - PC132431016427
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server
Schlüssel Gefunden : HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1586 octets] - [08/11/2012 21:18:19]

########## EOF - C:\AdwCleaner[R1].txt - [1646 octets] ##########


cosinus 08.11.2012 22:11

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Archivar 08.11.2012 22:51

OK, done.

By the way, totally cool that you're still helping at this hour :)

The adw log:
Code:

# AdwCleaner v2.007 - Datei am 08/11/2012 um 22:15:00 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : *** - PC132431016427
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Client
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Script
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CShared.TB4Server

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1715 octets] - [08/11/2012 21:18:19]
AdwCleaner[S1].txt - [1486 octets] - [08/11/2012 22:15:00]

########## EOF - C:\AdwCleaner[S1].txt - [1546 octets] ##########

The otl log:
OTL Logfile:
Code:

OTL logfile created on: 08.11.2012 22:21:46 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 449,32 Mb Available Physical Memory | 50,25% Memory free
2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,86 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSLAUNCHER0.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Programme\Microsoft Office\Office\OSA.EXE ()
 
 
========== Services (SafeList) ==========
 
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe ()
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\***~1.PC~\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys (Elaborate Bytes AG)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 145.254.22.10:8000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions
[2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.24 09:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.10 14:41:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
[2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.08 17:22:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.08 17:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.11.08 15:50:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.11.08 14:59:22 | 004,998,107 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\ComboFix.exe
[2012.11.08 14:27:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.07 23:08:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.exe
[2012.11.07 22:56:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\tdsskiller.exe
[2012.11.07 22:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.11.07 14:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.11.08 22:17:20 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.11.08 22:17:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.08 22:17:01 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.08 21:16:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.08 21:15:39 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
[2012.11.08 17:22:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.08 15:52:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012.11.08 14:59:35 | 004,998,107 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\ComboFix.exe
[2012.11.08 10:48:58 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat
[2012.11.07 23:08:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.exe
[2012.11.07 22:56:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\tdsskiller.exe
[2012.11.07 14:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe
[2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.10.31 19:40:50 | 000,158,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 19:11:42 | 000,070,663 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf.pdf
[2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI.
[2012.11.08 21:15:36 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\adwcleaner.exe
[2012.11.08 10:48:58 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat
[2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf.pdf
[2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb
[2006.10.21 15:09:11 | 000,001,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\ViewerApp.dat
[2006.03.05 22:32:50 | 000,158,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.03 20:20:09 | 000,001,954 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\.plugin141.trace
[2006.02.17 17:01:21 | 000,000,204 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\wklnhst.dat
[2006.02.17 16:51:55 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---


The extras log: OTL Logfile:
Code:

OTL Extras logfile created on: 08.11.2012 22:21:46 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,17 Mb Total Physical Memory | 449,32 Mb Available Physical Memory | 50,25% Memory free
2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 0,86 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
 
Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24638AD1-5F7E-9900-147E-B3EEA1B84EAE}" = Napster 5.0 Beta
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe  1.4.44.1
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5F2F0392-05F6-4D71-B0F9-0BE3733992FB}" = F-Secure Client Security
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.Rhapsody.Napster5" = Napster 5.0 Beta
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz
"F-Secure Device Control" = F-Secure Gerätesteuerung
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning
"F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild
"F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"LastFM_is1" = Last.fm 1.5.4.27091
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.19
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR Archivierer
"XP Codec Pack" = XP Codec Pack
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 11  2012-11-07  15:24:48+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-20.
   
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 12  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-20.
   
 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 13  2012-11-07  15:24:49+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-19.
   
 
Error - 07.11.2012 10:24:53 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 14  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-3895385494-3161838611-3957656901-1006.
   
 
Error - 07.11.2012 10:24:54 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 15  2012-11-07  15:24:53+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-21-3895385494-3161838611-3957656901-1006.
   
 
Error - 07.11.2012 10:25:00 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 16  2012-11-07  15:25:00+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SECURITY.
   
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 17  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SOFTWARE.
   
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 18  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SYSTEM.
   
 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 19  2012-11-07  15:25:06+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM
 VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SAM.
   
 
Error - 08.11.2012 09:27:16 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2012-11-08  14:27:16+01:00  pc132431016427  PC132431016427\***
  F-Secure Anti-Virus  Malicious code found in file C:\TDSSKiller_Quarantine\08.11.2012_14.24.10\tdlfs0000\tsk0004.dta.
    Infection: Trojan.Generic.4113645    Action: The file was deleted.   
 
[ System Events ]
Error - 08.11.2012 06:00:48 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 09:15:17 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 09:23:11 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 09:28:57 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 09:35:31 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 10:06:07 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 11:50:27 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 12:29:01 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 16:05:48 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
Error - 08.11.2012 17:17:10 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1079
 
 
< End of report >

--- --- ---

cosinus 09.11.2012 16:37

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes and remove any findings - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Archivar 10.11.2012 10:27

What actually happens with the ESET findings? They haven't been deleted or moved to quarantine now, have they?

Malware log:
Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: PC132431016427 [Administrator]

10.11.2012 01:18:13
mbam-log-2012-11-10 (01-18-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302224
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B} (Adware.Adrotator) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=171009f9e8dda24aa36dd6dd8874a1e6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-10 02:26:45
# local_time=2012-11-10 03:26:45 (+0100, Westeuropäische Normalzeit)
# country="***"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 77172790 77172790 0 0
# compatibility_mode=2304 16777191 100 0 0 0 0 0
# compatibility_mode=6912 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3830 3830 0 0
# scanned=99887
# found=3
# cleaned=0
# scan_time=6629
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js        JS/SecurityDisabler.A.Gen application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\A0016258.exe        Win32/InstallMonetizer.AC application (unable to clean)        00000000000000000000000000000000        I


cosinus 11.11.2012 20:04

There are only a few leftovers there.

Close all programs that may be open, disable the virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:Files
C:\user.js
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Archivar 11.11.2012 20:58

The first time I forgot to rename the asterisks back...^^ So now there are two logs.

The first attempt:
Code:

All processes killed
========== FILES ==========
File\Folder C:\user.js not found.
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js not found.
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: ***.PC132431016427
->Temp folder emptied: 76419 bytes
->Temporary Internet Files folder emptied: 73172 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153454827 bytes
->Flash cache emptied: 2114 bytes
 
User: ***.PC132431016427.000.OLD
 
User: ***.PC132431016427.001.OLD
 
User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.alt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.OLD
 
User: ***ie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1999566 bytes
RecycleBin emptied: 2322184 bytes
 
Total Files Cleaned = 151,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11112012_203837

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And the second attempt:
Code:

All processes killed
========== FILES ==========
File\Folder C:\user.js not found.
C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\user.js moved successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Eigene Dateien\Installationsprogramme\PDFCreator-1_2_3_setup.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***.PC132431016427
->Temp folder emptied: 1060 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7223256 bytes
->Flash cache emptied: 456 bytes
 
User: ***.PC132431016427.000.OLD
 
User: ***.PC132431016427.001.OLD
 
User: ***.PC132431016427.002.OLD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.alt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***.PC132431016427.OLD
 
User: ***ie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11112012_204709

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 11.11.2012 22:06

Looks OK so far.
Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then just set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now back in order, or are there any other findings or problems?
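
A hosts file blocks a name by pointing it at a loopback or unspecified address, which is how blocklist-style hosts files of the kind recommended above work, while an entry that points a name at a routable address is a redirect worth reviewing after a cleanup. The following is an added example and not part of the original post; the function name `classify_hosts` and all sample entries are constructed for illustration.

```python
import ipaddress

# Names that a default hosts file normally maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}

# Constructed sample content, not taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.com tracker.example.net   # blocklist style
127.0.0.1       banner.example.org
203.0.113.10    www.bank.example      # routable address: review this
not-an-ip       broken.example
"""


def classify_hosts(text):
    """Sort hosts-file entries into blocked names, redirects and bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        if len(fields) < 2:                      # address without a name
            report["malformed"].append((lineno, line))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink:
                # Sinking a name blocks it; the local names are expected.
                if name not in LOCAL_NAMES:
                    report["blocked"].append(name)
            else:
                # The name resolves to a real host chosen by the file.
                report["redirected"].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "blocked names")
    for lineno, name, addr in result["redirected"]:
        print(f"line {lineno}: {name} -> {addr} (review)")
    for lineno, line in result["malformed"]:
        print(f"line {lineno}: cannot parse: {line}")
```
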

Archivar 11.11.2012 22:15

Otherwise there are no problems.

So I can remove the tools again then? (I do need the disk space... ;) )

Many, many thanks for your help! Above all, the solution for getting back to the right desktop really impressed me! ;)

cosinus 11.11.2012 22:19

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click Bereinigung (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

