95p.com Browser Hijacker Virus

Kathi78 · 13.01.2012, 10:54

Hallo Ihr Lieben!
Ich habe ein Problem mit diesem fiesen Virus "p95.com"
Habe schon MAM und AVIRA sowie Spybot Search and Destroy scannen lassen. Hilft alles nix...

Wer ist so lieb und geht mit mir das Problem an?
Aber bitte mit viel Nachsicht, ich hab nicht soviel Ahnung von IT.

Tausend Dank schon mal für Hilfe :-)
Liebe Grüsse,
die Katharina

Das hier ist schon mal was der OTL.Txt-Editor ausgegeben hat:

OTL logfile created on: 13.01.2012 10:35:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Suppiger2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1.96 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 63.06% Memory free
3.81 Gb Paging File | 3.21 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.09 Gb Total Space | 266.76 Gb Free Space | 89.49% Space Free | Partition Type: NTFS

Computer Name: PC07 | User Name: Suppiger2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Suppiger2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe ()
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Windows\system32\nvshell.dll ()
MOD - C:\Windows\system32\redmonnt.dll ()
MOD - C:\Programme\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe ()
MOD - C:\Windows\system32\ZDWlan.dll ()
MOD - C:\Windows\system32\PassAPP.dll ()
MOD - C:\Windows\system32\HPBHEALR.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (armoucfltr) -- C:\Windows\system32\wmp54gv4svc.dll (Iomega)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys ()
DRV - (LUsbFilt) -- C:\Windows\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (STHDA) -- C:\Windows\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (TPM) -- C:\Windows\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (HECI) Intel(R) -- C:\Windows\system32\drivers\HECI.sys (Intel Corporation)
DRV - (ZD1211U(ZyXEL)) ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL) -- C:\Windows\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ZDPNDIS5) -- C:\Windows\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ch"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.12 17:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2012.01.12 17:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Suppiger2\Anwendungsdaten\Mozilla\Extensions
[2012.01.12 17:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.13 12:00:32 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [RDReminder] C:\Programme\RegClean Pro\RegCleanPro.exe -rem File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Verknüpfung mit ZDWlan.exe.lnk = C:\Programme\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)
O4 - Startup: C:\Dokumente und Einstellungen\Suppiger2\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209463392859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E1FB9B6-6521-4DA4-858D-EF6560D02D6A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FEC5217-709E-431F-BCBC-E5736C0B6BFC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7BB5DD6-1A56-4AE9-AFE1-6C0C0490BADD}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\0956473a\X) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.29 10:40:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C

O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2012.01.13 10:30:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\OTL.exe
[2012.01.12 19:06:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Recent
[2012.01.12 18:32:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.12 18:31:24 | 000,000,000 | ---D | C] -- C:\Program Files
[2012.01.12 18:25:00 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012.01.12 18:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2012.01.12 18:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.12 18:24:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2012.01.12 18:24:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Anwendungsdaten\TestApp
[2012.01.12 18:21:50 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.01.12 18:21:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2012.01.12 17:47:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2012.01.12 17:27:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Startmenü\Programme\Verwaltung
[2012.01.11 15:55:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.01.11 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.01.11 15:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.01.11 15:29:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Anwendungsdaten\MSNInstaller
[2012.01.11 15:28:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Anwendungsdaten\Avira
[2012.01.11 15:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.01.11 15:22:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.01.11 15:22:55 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.01.11 15:22:55 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.01.11 15:22:55 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.01.11 15:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.01.11 15:22:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.01.11 14:38:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Startmenü\Programme\HP
[2012.01.09 11:47:48 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.01.09 10:53:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Anwendungsdaten\Malwarebytes
[2012.01.09 10:53:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.09 10:53:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.09 10:53:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.09 10:53:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.06 15:09:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Suppiger2\Anwendungsdaten\Systweak
[2012.01.06 15:09:04 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012.01.06 13:01:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.01.06 12:37:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.01.06 12:37:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.01.06 12:37:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.01.06 11:59:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011.12.22 16:15:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun
[2011.12.22 15:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2011.12.22 15:49:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.12.22 15:44:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\0956473a
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2012.01.13 10:43:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.13 10:36:53 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\MBRCheck.exe
[2012.01.13 10:30:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\OTL.exe
[2012.01.13 10:20:59 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.01.13 10:20:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.13 10:20:44 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.13 10:20:27 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.13 10:20:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.13 10:20:21 | 2108,129,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 18:25:14 | 000,639,058 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.01.12 17:45:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.01.12 17:38:28 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.01.12 15:20:48 | 000,415,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.12 15:20:48 | 000,401,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.12 15:20:48 | 000,075,194 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.12 15:20:48 | 000,062,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.12 15:12:22 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.12 15:01:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2012.01.11 16:15:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.01.11 16:15:30 | 000,004,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.11 15:19:31 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\Arbeitsplatz.lnk
[2012.01.11 15:18:20 | 000,000,445 | ---- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\Klienten.lnk
[2012.01.11 15:17:36 | 000,000,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\Index BGE unpubliziert.url
[2012.01.11 15:16:15 | 000,000,274 | ---- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\Index BGE.url
[2012.01.11 15:09:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2012.01.09 10:51:22 | 000,014,356 | -HS- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\ymk5prk6p16b0onq167q38u64wwif3hnel0336oy6wp
[2012.01.09 10:51:22 | 000,014,356 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ymk5prk6p16b0onq167q38u64wwif3hnel0336oy6wp
[2012.01.06 10:57:36 | 000,001,200 | -HS- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\mic6mwh7j32a2cgg350w58b61hyac4yhkv0145hi6ji
[2012.01.06 10:57:36 | 000,001,200 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mic6mwh7j32a2cgg350w58b61hyac4yhkv0145hi6ji
[2012.01.04 10:30:37 | 000,001,218 | -HS- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\udb8mbx8u17o0gsv734k67c00oifd1gquc2057xc7as
[2012.01.04 10:30:37 | 000,001,218 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\udb8mbx8u17o0gsv734k67c00oifd1gquc2057xc7as
[2011.12.31 11:01:46 | 000,001,042 | -HS- | M] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\222m150l4nb4w026yvs6gj8ut6877m0623bfer46t37
[2011.12.31 11:01:46 | 000,001,042 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\222m150l4nb4w026yvs6gj8ut6877m0623bfer46t37
[2011.12.22 16:15:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.13 10:36:53 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\MBRCheck.exe
[2012.01.12 23:38:26 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.12 18:43:05 | 000,000,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Startmenü\Programme\CCleaner.lnk
[2012.01.12 18:25:04 | 000,639,058 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.01.12 17:38:28 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2012.01.12 17:38:28 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.01.12 15:12:22 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.11 15:19:31 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\Arbeitsplatz.lnk
[2012.01.11 15:18:20 | 000,000,445 | ---- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Desktop\Klienten.lnk
[2012.01.09 08:53:30 | 000,014,356 | -HS- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\ymk5prk6p16b0onq167q38u64wwif3hnel0336oy6wp
[2012.01.09 08:53:30 | 000,014,356 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ymk5prk6p16b0onq167q38u64wwif3hnel0336oy6wp
[2012.01.06 15:09:17 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2012.01.06 15:09:17 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2012.01.06 10:57:36 | 000,001,200 | -HS- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\mic6mwh7j32a2cgg350w58b61hyac4yhkv0145hi6ji
[2012.01.06 10:57:36 | 000,001,200 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mic6mwh7j32a2cgg350w58b61hyac4yhkv0145hi6ji
[2012.01.04 10:30:37 | 000,001,218 | -HS- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\udb8mbx8u17o0gsv734k67c00oifd1gquc2057xc7as
[2012.01.04 10:30:37 | 000,001,218 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\udb8mbx8u17o0gsv734k67c00oifd1gquc2057xc7as
[2011.12.31 11:01:46 | 000,001,042 | -HS- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\222m150l4nb4w026yvs6gj8ut6877m0623bfer46t37
[2011.12.31 11:01:46 | 000,001,042 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\222m150l4nb4w026yvs6gj8ut6877m0623bfer46t37
[2011.12.22 16:15:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.07 10:32:59 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Suppiger2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.28 09:57:25 | 000,016,132 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\s4s3uq2wq1302a4035f3d1q82hm24dxldgkd72
[2010.05.25 09:09:07 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009.11.24 10:02:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.09.26 14:16:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.30 08:33:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2008.09.22 08:10:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.09.22 08:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.09.22 08:06:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2008.09.22 08:06:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ZDWlan.dll
[2008.09.22 08:06:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\PassAPP.dll
[2008.09.22 08:06:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008.09.19 07:52:48 | 000,000,609 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.09.18 07:51:19 | 000,002,951 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2008.09.18 07:51:19 | 000,001,806 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2008.09.18 07:51:19 | 000,000,820 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2008.09.12 23:02:28 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.09.12 23:02:27 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.09.12 23:02:27 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.09.12 23:02:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.09.12 23:02:25 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.09.12 23:02:25 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.09.12 23:02:24 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.09.12 23:02:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.09.12 23:02:18 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.09.12 23:01:55 | 000,000,998 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
[2008.09.12 23:01:52 | 000,001,769 | ---- | C] () -- C:\WINDOWS\LETTER.DAT
[2008.09.12 13:13:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.04.29 19:26:30 | 000,415,800 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.29 19:26:30 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.29 19:26:30 | 000,075,194 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.29 19:26:30 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.29 19:26:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.29 19:26:27 | 000,401,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.29 19:26:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.29 19:26:27 | 000,062,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.29 19:26:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.29 19:26:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.29 19:26:27 | 000,004,520 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.29 19:26:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.29 19:26:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.29 19:26:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.04.29 19:26:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.29 19:26:21 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2008.04.29 19:26:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.29 11:33:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.04.29 10:47:59 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.04.29 10:42:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.04.29 10:38:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.09 16:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008.02.07 09:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2001.07.31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

FC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84

< End of report >

und das hat der Extra.Txt-Editor ausgegeben:

OTL Extras logfile created on: 13.01.2012 10:35:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Suppiger2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1.96 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 63.06% Memory free
3.81 Gb Paging File | 3.21 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.09 Gb Total Space | 266.76 Gb Free Space | 89.49% Space Free | Partition Type: NTFS

Computer Name: PC07 | User Name: Suppiger2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ControlCenter
"C:\Dokumente und Einstellungen\Computer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FSIFBKZ5\DeskShareDE[1].exe" = C:\Dokumente und Einstellungen\Computer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FSIFBKZ5\DeskShareDE[1].exe:*:Enabled

eskShare Guest Module

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{9C18E568-8E10-491E-896E-EEFB3FF1A39A}" = TwixTel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DFF2C5A9-833C-4459-8494-D93D00F21031}" = Nero 8 Essentials
"{E2602211-E1E1-4470-8F99-2ACCBC46BAD2}" = WinJur 2003 Small Business Edition
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F872A4F8-4EC5-4668-A908-7C7275B0BE49}" = hppusgP2030
"{FC024A3F-9C3C-4C16-BD3D-F7AE2C435429}" = ZyAIR G-220 Utility
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"HP LaserJet P2030 Series" = HP LaserJet P2030 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12.01.2012 08:53:07 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 09:05:19 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 09:12:01 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 09:18:44 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 09:41:21 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 09:48:15 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 09:55:12 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 10:07:16 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

Error - 12.01.2012 10:14:07 | Computer Name = PC07 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
adpu160m aic78u2 aic78xx IntelIde symc8xx sym_u3 ViaIde

Error - 13.01.2012 05:43:53 | Computer Name = PC07 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127

< End of report >

95p.com Browser Hijacker Virus

Log-Analyse und Auswertung: 95p.com Browser Hijacker Virus

95p.com Browser Hijacker Virus

Ähnliche Themen: 95p.com Browser Hijacker Virus