I have a laptop here with Windows XP that has caught a virus (white screen: "Bitte warten sie...."). I have already created the OTL logfile. Now I don't know how to proceed. Many thanks for any help.
Code:
OTL logfile created on: 5/21/2012 8:51:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
1,023.00 Mb Total Physical Memory | 776.00 Mb Available Physical Memory | 76.00% Memory free
907.00 Mb Paging File | 842.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.21 Gb Total Space | 9.63 Gb Free Space | 25.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (Application Updater)
SRV - [2011/12/24 12:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/09 16:55:17 | 000,428,200 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/09 16:55:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 14:34:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/05 06:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/03 07:30:28 | 001,571,912 | ---- | M] (SIEMENS AG) [Auto] -- C:\SIEMENS\Common\S7IEPG\s7oiehsx.exe -- (s7oiehsx)
SRV - [2008/07/03 07:30:28 | 000,240,712 | ---- | M] (SIEMENS AG) [Auto] -- C:\Programme\Gemeinsame Dateien\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe -- (S7TraceServiceX)
SRV - [2008/05/20 09:10:42 | 001,146,880 | ---- | M] (SIEMENS AG) [Auto] -- C:\SIEMENS\Common\SWS\almsrv\almsrvx.exe -- (almservice)
SRV - [2005/05/20 02:04:32 | 000,214,016 | ---- | M] (DameWare Development LLC) [Disabled] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/23 20:51:18 | 000,225,360 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Programme\Trend Micro\OfficeScan Client\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2005/01/23 20:45:12 | 000,360,448 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2005/01/23 20:45:06 | 000,458,840 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2004/12/02 02:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand] -- C:\WINDOWS\SYSTEM32\OpcEnum.exe -- (OpcEnum)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 18:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003/03/24 06:22:24 | 000,299,075 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/03/24 06:21:44 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc)
SRV - [2002/11/26 06:27:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand] -- C:\Programme\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/11/12 06:30:50 | 000,073,728 | R--- | M] (Broadcom Corp.) [Auto] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SynasUSB)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (iAimTV2)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - File not found [Kernel | System] -- -- (AtapiDrv)
DRV - [2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/07/09 16:55:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/07/09 16:55:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/10/20 12:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Programme\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2010/10/20 12:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Programme\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 12:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Programme\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/06/17 08:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 08:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/03 07:10:28 | 000,170,496 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\s7otsadx.sys -- (s7otsadx)
DRV - [2008/07/03 07:10:08 | 000,508,416 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\S7otranx.sys -- (s7otranx)
DRV - [2008/07/03 07:07:36 | 000,173,568 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\s7osmcax.sys -- (s7osmcax)
DRV - [2008/07/03 07:06:02 | 000,095,232 | ---- | M] (SIEMENS AG) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\S7oppitx.sys -- (s7oppitx)
DRV - [2008/07/03 07:04:42 | 000,031,232 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\s7opcsrtx.sys -- (S7opcsrtx) PROFINET IO RT-Protocol (LLDP)
DRV - [2008/07/03 07:04:26 | 000,209,920 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\s7opcmcx.sys -- (s7opcmcx)
DRV - [2008/07/03 07:03:10 | 000,077,312 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\S7odpx2x.sys -- (s7odpx2x)
DRV - [2008/04/13 18:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/12/05 05:51:04 | 000,310,144 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTIE.SYS -- (SNTIE) SIMATIC Industrial Ethernet (ISO)
DRV - [2007/11/05 05:31:24 | 000,115,654 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\vsnl2ada.sys -- (vsnl2ada)
DRV - [2007/07/30 06:06:04 | 000,071,168 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\s7snsrtx.sys -- (s7snsrtx)
DRV - [2007/06/25 09:46:12 | 000,266,240 | ---- | M] (SIEMENS AG) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\dpmconv.sys -- (dpmconv)
DRV - [2005/08/02 17:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/16 07:26:48 | 000,068,280 | ---- | M] (Siemens AG) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\dpmcslv.sys -- (dpmcslv)
DRV - [2005/05/03 10:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 10:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 10:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 09:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/16 01:23:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\S5AS511.SYS -- (S5AS511)
DRV - [2003/11/11 01:23:00 | 000,188,416 | ---- | M] (SIEMENS AG) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\S5MCD.SYS -- (S5MCD)
DRV - [2003/11/08 17:24:18 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCcfltr.sys -- (LCcfltr)
DRV - [2003/07/16 02:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2003/06/30 04:50:00 | 000,072,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/06/30 04:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/03/31 04:07:56 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/02/28 21:42:40 | 000,201,175 | ---- | M] (PEAK-System Technik GmbH, Darmstadt, Germany) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\pcan_usb.sys -- (pcan_usb)
DRV - [2003/02/14 10:03:00 | 000,059,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gticard.sys -- (GTICARD)
DRV - [2003/02/14 10:03:00 | 000,042,060 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiumfwl.sys -- (tiumfwl)
DRV - [2003/02/14 10:03:00 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/02/12 08:32:40 | 000,090,824 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/01/23 10:06:12 | 000,022,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/23 10:02:00 | 001,067,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/12 11:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2003/01/07 12:41:12 | 000,166,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2003/01/07 10:19:26 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/11/20 10:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gv3.sys -- (gv3)
DRV - [2002/08/29 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2002/08/29 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2002/03/13 10:20:02 | 000,006,057 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/04/05 08:22:12 | 000,008,192 | ---- | M] (Siemens AG) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\c5511w2k.sys -- (c5511w2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.euro.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.euro.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.euro.dell.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\chadmin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\chadmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.euro.dell.com/
IE - HKU\chadmin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\gmarillo.EUROPE_ON_C\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\gmarillo.EUROPE_ON_C\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\gmarillo.EUROPE_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\gmarillo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\gmarillo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.euro.dell.com/
IE - HKU\gmarillo_ON_C\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\gmarillo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\htschan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\htschan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.euro.dell.com/
IE - HKU\htschan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2447621&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {000E148C-F7A7-445A-9044-93BF6CE09ECB}:1.0.0
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ef468e5b-5b30-4136-a833-7f2e3a31afdf}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "hxxp://ch.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/30 14:19:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/27 18:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/02/26 00:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/10/30 14:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/10/30 14:20:36 | 000,000,000 | ---D | M]
[2009/04/03 09:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\mozilla\Extensions
[2012/02/26 00:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\mozilla\Firefox\Profiles\ew1uqcir.default\extensions
[2012/01/07 15:38:24 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\mozilla\Firefox\Profiles\ew1uqcir.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011/01/08 05:17:21 | 000,000,000 | ---D | M] (2Shared Community Toolbar) -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\mozilla\Firefox\Profiles\ew1uqcir.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}
[2011/01/08 05:17:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\mozilla\Firefox\Profiles\ew1uqcir.default\extensions\engine@conduit.com
[2012/02/26 00:34:13 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\mozilla\Firefox\Profiles\ew1uqcir.default\extensions\toolbar@ask.com
[2010/12/30 12:24:48 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Mozilla\Firefox\Profiles\ew1uqcir.default\searchplugins\conduit.xml
[2011/06/25 11:59:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/06/23 17:22:46 | 000,000,000 | ---D | M] (Toolbar fuer eBay) -- C:\Programme\Mozilla Firefox\extensions\{000E148C-F7A7-445A-9044-93BF6CE09ECB}
[2011/06/18 17:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/30 14:19:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
File not found (No name found) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/19 02:34:51 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2011/06/18 17:21:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/19 19:49:50 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAMME\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011/06/18 17:21:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/22 20:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/07/22 20:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010/07/22 20:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/22 20:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/07/22 20:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/02/28 02:48:47 | 000,000,820 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - File not found
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - File not found
O3 - HKU\gmarillo.EUROPE_ON_C\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKU\gmarillo.EUROPE_ON_C\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\gmarillo.EUROPE_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\gmarillo_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\gmarillo_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XWoMXqxn2va68jV] C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\chadmin_ON_C..\Run: [XWoMXqxn2va68jV] C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe ()
O4 - HKU\gmarillo.EUROPE_ON_C..\Run: [Avi Player] File not found
O4 - HKU\gmarillo.EUROPE_ON_C..\Run: [utihobab] File not found
O4 - HKU\gmarillo.EUROPE_ON_C..\Run: [uTorrent] C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\gmarillo.EUROPE_ON_C..\Run: [XWoMXqxn2va68jV] C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe ()
O4 - HKU\gmarillo_ON_C..\Run: [swg] File not found
O4 - HKU\gmarillo_ON_C..\Run: [XWoMXqxn2va68jV] C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\chadmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\chadmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\chadmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\chadmin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\gmarillo.EUROPE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\gmarillo.EUROPE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\gmarillo.EUROPE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\gmarillo.EUROPE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\gmarillo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\gmarillo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\gmarillo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\gmarillo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\htschan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Value error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} hxxp://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe (Reg Error: Value error.)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.124.32.10 10.125.32.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.atsauto.net
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKU\chadmin_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKU\chadmin_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKU\gmarillo.EUROPE_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKU\gmarillo.EUROPE_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKU\gmarillo_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - HKU\gmarillo_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe) - C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe ()
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About :Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3adbc150-05dd-11de-b4c7-000423579d5f}\Shell - "" = AutoRun
O33 - MountPoints2\{3adbc150-05dd-11de-b4c7-000423579d5f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3adbc150-05dd-11de-b4c7-000423579d5f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e7b3cc40-7a92-11dd-b419-000bdb9726a0}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/05/21 19:25:18 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/05/21 19:25:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/21 07:41:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\chadmin\IETldCache
[2012/05/17 06:39:38 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\gmarillo\IETldCache
[2012/05/17 05:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Ipyg
[2012/05/17 05:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Imed
[2012/05/17 05:55:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings
[2005/09/20 16:10:06 | 034,211,008 | ---- | C] (Apple Computer, Inc. ) -- C:\Programme\iTunesSetup.exe
[2004/03/10 03:07:47 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\BDErastMMX3.dll
[2003/08/27 05:41:33 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\dao350.dll
========== Files - Modified Within 30 Days ==========
[2012/05/21 13:36:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D59E69DA-0177-471C-9ACB-8AE45D89F44E}.job
[2012/05/21 13:35:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/21 13:34:42 | 000,023,287 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/05/21 13:34:39 | 000,023,287 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/05/21 13:33:21 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 13:33:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-879983540-839522115-5131.job
[2012/05/21 13:32:55 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\mdth.job
[2012/05/21 13:32:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/21 13:32:39 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/21 08:14:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/21 02:00:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-879983540-839522115-5131.job
[2012/05/17 05:53:46 | 000,230,912 | -HS- | M] () -- C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe
[2012/05/17 05:53:46 | 000,230,912 | -HS- | M] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe
[2012/05/17 05:53:46 | 000,230,912 | -HS- | M] () -- C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe
[2012/05/17 05:37:04 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/23 13:32:09 | 000,000,024 | ---- | M] () -- C:\WINDOWS\pccntmon.INI
========== Files Created - No Company Name ==========
[2012/05/21 13:32:39 | 1073,000,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/21 07:41:27 | 000,230,912 | -HS- | C] () -- C:\Dokumente und Einstellungen\chadmin\Anwendungsdaten\FSnapshot_x86.exe
[2012/05/17 06:39:33 | 000,230,912 | -HS- | C] () -- C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\FSnapshot_x86.exe
[2012/05/17 05:53:55 | 000,230,912 | -HS- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\FSnapshot_x86.exe
[2012/02/26 04:50:16 | 000,804,627 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1547161642-879983540-839522115-5131-0.dat
[2012/02/26 04:50:14 | 000,154,570 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012/02/26 02:05:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 16:26:00 | 000,015,038 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\618j465g8xc7h781sxm0hm8ap0250y1302mtrm16h85
[2011/12/25 16:26:00 | 000,015,038 | -H-- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\618j465g8xc7h781sxm0hm8ap0250y1302mtrm16h85
[2011/11/29 21:56:20 | 000,165,901 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\utihobab_nav.dat
[2011/11/29 21:56:20 | 000,003,453 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\utihobab.dat
[2011/11/29 21:56:20 | 000,002,210 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\utihobab_navps.dat
[2011/04/28 16:30:32 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011/03/01 17:13:41 | 000,000,239 | ---- | C] () -- C:\WINDOWS\WINJPLIB.INI
[2011/01/05 18:43:53 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/11/28 12:56:21 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/28 12:56:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/28 12:56:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/28 12:56:21 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/28 12:56:21 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/28 12:56:21 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/28 12:56:21 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/28 12:56:21 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/28 12:56:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/28 12:56:21 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/11/28 12:56:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/28 12:56:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/28 12:56:21 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/28 12:56:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/28 12:56:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/28 12:56:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/11/28 12:56:21 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/11/28 12:56:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/28 12:56:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/27 18:07:14 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/10/27 18:07:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2010/10/16 08:50:35 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\23982.bat
[2010/07/03 05:38:05 | 000,003,185 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\jfiehd.dat
[2010/06/23 18:08:47 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\VERIFIER5.dll
[2009/12/04 16:33:01 | 000,027,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/17 18:01:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/03/28 06:14:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/03/28 06:14:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/03/28 06:14:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/03/28 06:14:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/03/28 06:14:26 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/02/16 15:37:12 | 000,000,128 | ---- | C] () -- C:\WINDOWS\Rb20upd.dat
[2009/02/16 15:36:11 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/12/25 14:40:55 | 000,000,339 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/14 13:24:28 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\default.pls
[2008/07/16 09:20:00 | 000,002,272 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008/07/03 07:25:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\S7EPMPIB.DLL
[2008/06/10 20:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/04 12:23:11 | 000,005,818 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/01/11 11:16:21 | 162,746,796 | ---- | C] () -- C:\Programme\tempo.zip
[2007/10/30 09:38:36 | 000,407,056 | ---- | C] () -- C:\WINDOWS\System32\awScanService.exe
[2007/10/30 09:38:34 | 000,009,512 | ---- | C] () -- C:\WINDOWS\System32\scanner.ini
[2007/10/07 07:55:28 | 000,000,103 | ---- | C] () -- C:\WINDOWS\SwLoader.INI
[2007/09/10 03:46:25 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\chadmin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/08/21 15:09:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/24 11:06:52 | 000,052,795 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\simatic 300-station.cfg
[2007/06/15 04:20:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\avp.dat
[2007/03/25 10:31:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/03/23 09:01:40 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007/03/12 12:59:00 | 000,299,008 | ---- | C] () -- C:\Programme\navigram_register.exe
[2007/02/09 14:53:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/10/02 15:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/04/06 05:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/06 05:25:55 | 000,002,362 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/03 12:26:46 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/03/08 05:26:42 | 000,070,656 | ---- | C] () -- C:\WINDOWS\cabarc.exe
[2005/11/22 08:16:39 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\bocof.dll
[2005/11/22 08:16:38 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw32000c.dll
[2005/11/22 08:16:38 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw320007.dll
[2005/11/22 08:16:37 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\CG32.DLL
[2005/09/16 09:01:33 | 000,000,046 | ---- | C] () -- C:\WINDOWS\FESTO.INI
[2005/08/11 08:43:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\sitdatisps.dll
[2005/08/11 08:43:42 | 000,000,268 | ---- | C] () -- C:\WINDOWS\System32\S7sntfsx.ini
[2005/08/11 05:35:43 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
[2005/08/08 03:01:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\S7USFAPX.INI
[2005/08/02 17:24:02 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/28 04:31:52 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/22 02:28:39 | 000,000,122 | ---- | C] () -- C:\WINDOWS\s7flagex.INI
[2005/03/04 05:53:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\pccntmon.INI
[2005/01/31 06:19:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\puttytel.exe
[2005/01/20 07:23:55 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005/01/14 06:09:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cwProg.INI
[2004/11/09 05:30:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/10/22 02:42:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/04 09:20:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\s7fptp_x.INI
[2004/09/21 10:24:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/09/01 11:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/06/11 09:03:52 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ProTool.INI
[2004/05/21 05:03:23 | 000,050,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/04/02 10:57:59 | 000,049,664 | --S- | C] () -- C:\WINDOWS\NDNuninstall6_22.exe
[2004/04/02 03:26:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\PDFSpooler.exe
[2004/03/08 13:36:11 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\pb.dll
[2004/03/08 13:36:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\telcd.ini
[2004/03/01 12:31:24 | 000,000,901 | ---- | C] () -- C:\WINDOWS\cfgps.ini
[2004/03/01 12:30:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\cfgms.ini
[2004/02/24 06:39:39 | 000,000,759 | ---- | C] () -- C:\WINDOWS\cfgrt.ini
[2004/01/15 12:49:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\s7fstepx.INI
[2003/12/11 08:51:35 | 000,000,785 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
[2003/12/04 04:42:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\u7ifocax.INI
[2003/12/04 04:40:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\u7iacfax.INI
[2003/11/19 04:02:16 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2003/10/20 13:39:44 | 000,187,392 | ---- | C] () -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/12 03:52:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/27 10:31:45 | 000,002,571 | ---- | C] () -- C:\WINDOWS\WinSEPR.ini
[2003/08/27 09:34:03 | 000,001,853 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2003/08/27 09:30:21 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\S5AS511.SYS
[2003/08/27 07:43:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\s7alibxx.INI
[2003/08/27 06:23:09 | 000,004,370 | ---- | C] () -- C:\WINDOWS\SONYMAP.INI
[2003/08/27 06:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FwSim.INI
[2003/08/27 05:57:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cp551inf.dll
[2003/08/27 05:56:24 | 000,104,633 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwDH485.sys
[2003/08/27 05:56:24 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwKbd.sys
[2003/08/27 05:56:22 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\s7200L2.dll
[2003/08/27 05:55:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\ptuninst.exe
[2003/08/22 05:23:40 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/22 05:11:58 | 000,006,724 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2003/07/17 12:37:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/17 12:27:38 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/17 12:17:13 | 000,023,287 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2003/07/17 12:15:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/07/17 12:14:36 | 000,562,446 | ---- | C] () -- C:\WINDOWS\System32\PERFH007.DAT
[2003/07/17 12:14:36 | 000,538,172 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/07/17 12:14:36 | 000,111,906 | ---- | C] () -- C:\WINDOWS\System32\PERFC007.DAT
[2003/07/17 12:14:36 | 000,096,080 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/07/17 12:05:00 | 000,000,615 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/11 06:28:18 | 000,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/11 06:21:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/11 06:17:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/11 04:46:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/11 04:46:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\PERFI007.DAT
[2002/08/29 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\PERFD007.DAT
[2002/08/29 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/10/28 11:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001/09/13 00:06:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2000/11/10 09:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1999/11/11 23:11:00 | 000,589,312 | ---- | C] () -- C:\WINDOWS\idapi32.dll
[1999/11/11 23:11:00 | 000,255,488 | ---- | C] () -- C:\WINDOWS\System32\idpdx32.dll
[1999/11/11 23:11:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\idr20007.dll
[1999/11/11 23:11:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\idbat32.dll
[1999/11/11 23:11:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\bantam.dll
[1996/12/19 09:37:38 | 000,103,360 | ---- | C] () -- C:\WINDOWS\System32\S7OSC16X.DLL
[1996/12/19 09:36:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\S7OSC32X.DLL
[1979/12/31 19:00:00 | 000,008,391 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
========== LOP Check ==========
[2009/12/20 16:15:51 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2009/07/03 20:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Ableton
[2011/01/11 20:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Acronis
[2012/03/18 00:01:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\AskToolbar
[2009/04/25 18:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Convivea
[2011/01/30 10:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Desktopicon
[2006/07/24 00:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\DirectoriesAG
[2005/01/04 14:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\EarthBrowser
[2012/05/17 05:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Imed
[2003/10/21 16:23:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\InterVideo
[2012/05/17 05:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Ipyg
[2009/10/11 07:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Navigram
[2011/01/20 17:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\PCFix
[2006/09/05 06:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\PDFCreator
[2008/09/20 11:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\PKWARE
[2012/05/17 05:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\PriceGong
[2007/01/03 04:02:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\ProjectTracker
[2010/11/19 19:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Search Settings
[2006/07/15 01:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\sgrunt
[2008/07/26 02:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\SIEMENS AG
[2009/11/01 10:41:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Steinberg
[2009/06/23 17:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Toolbars
[2004/10/20 09:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\TuneUp Software
[2012/05/17 06:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\uTorrent
[2011/01/13 19:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\Waldorf
[2010/04/22 17:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo.EUROPE\Anwendungsdaten\YouTube Downloader
[2005/07/27 01:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\gmarillo\Anwendungsdaten\InterVideo
[2009/07/03 20:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2011/01/11 20:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2005/01/04 14:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EarthBrowser
[2011/01/01 17:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2012/02/26 01:35:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2008/12/25 15:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2008/09/20 11:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKWARE
[2007/10/15 11:07:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Siemens
[2008/07/26 02:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Siemens AG
[2011/01/05 18:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft
[2004/10/20 09:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011/02/19 10:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/05 18:03:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/05 04:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/04/13 11:15:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2002/08/29 00:00:00 | 000,000,004 | -HS- | M] () -- C:\WINDOWS\Tasks\FOLDER.TSX
[2012/05/21 13:32:55 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\mdth.job
[2011/04/28 14:50:10 | 000,000,182 | ---- | M] () -- C:\WINDOWS\Tasks\PCFix.job
[2012/05/21 13:36:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D59E69DA-0177-471C-9ACB-8AE45D89F44E}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\telcd.ini:AFP_AfpInfo
< End of report >