Log analysis and evaluation: install_0_msi.exe no longer there after police virus
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
install_0_msi.exe no longer there after police virus

Can someone help me?

Message after Windows start, example image:
http://www.trojaner-board.de/attachm...lermeldung.jpg

---------------------------------------------------------------------
Logfiles:
-----------

OTL Extras logfile created on: 31.08.2012 00:25:18 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sera\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,90% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 49,64 Gb Free Space | 49,64% Space Free | Partition Type: NTFS
Drive D: | 132,88 Gb Total Space | 89,95 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32

Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01777F13-E926-4339-9667-C81F47AC85A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{148FA0FA-F235-40D6-88CE-2D90CCF79D89}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1DB0FADF-2FAF-4CCA-AE6E-FB7E3C34FA42}" = lport=139 | protocol=6 | dir=in | app=system |
"{2313DCC9-5F14-451A-8A77-9C7F436FF452}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28A6C5AE-1A3B-4126-AAA2-BDE2CE404F21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C2E1446-E845-4AAC-A3A7-C9C914BE4EFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E71F88C-4056-4E66-A4B6-D34AEDA57E33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35A75FBF-7E4A-4849-A1D9-37E41E18B91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3ABC03C1-5DB4-4810-983D-C33E89A61B5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B542C8D-3DC0-43D1-B4E0-D4589895F792}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{509FB9B3-B295-4064-8A60-FD47AF16D715}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E35F46A-2328-4425-A9F1-C7AA08374E25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70FC866B-3C90-4869-B474-0B97D5FC0B90}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{79C06308-4CE9-407A-A7AD-65BB1B7AF7B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{79EDE12F-6121-4898-83E9-1CF536334850}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D4CFEF2-B232-43A2-BB64-6C081746C217}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81CDC13C-9718-43A3-8DC0-C9A304CE092B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{896DE469-1894-4BE2-9AB7-4489E78BCA63}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8C16EB70-B775-4959-B20F-A201C79367E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E7A31C6-F7DC-4F54-91E0-E8EC9D01CCBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A93759F7-3129-4D21-85B7-578E7045628F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF5E93F7-3E6F-4921-B09E-7EAC944FA84B}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8F0A850-6E0F-495F-AE01-5C69E28F5B03}" = lport=138 | protocol=17 | dir=in | app=system |
"{B91369B1-10BB-4957-AE5D-2801A2254FC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA14CF7B-38E3-44F3-8011-24D438D2BB27}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1CB5742-529F-4C27-B12E-AD0A36AE07D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E817E0B4-FD9C-454A-AFFE-72318BD59FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFAC5209-697B-4093-9C4E-0BECCD300BFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F50B0B51-32F7-44BA-BC1A-A93502B8A632}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F96EF972-50B9-4488-8C06-0D40223238F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB72F048-C8BC-4C85-8C8E-843F424E0D03}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE8FA8D9-2E55-40EF-9157-314ED5004506}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045A2A76-4793-4F54-9B66-497F3454D2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{05CCC652-780A-41C4-879C-07908762A5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{071BBA47-5642-4B29-B98B-BE99CF563779}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{17601E87-9B15-4CC6-8818-7EBBD0DF6CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{26768E2A-5D11-45D7-8382-CD5EAAA231E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E5571DD-2156-4B12-8089-556A74744ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3132CCB9-6824-4E73-B070-4985E9CDADC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{3543EA0B-B8B0-4CC2-BECC-A2044B4B643F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BCFB9B8-CE75-458B-87BB-9D20B120D4B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CEFC374-C6DA-4428-A539-1C9738745622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52FB7F96-BC45-4ED6-B89F-6E2D616F5F63}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5703EAF1-9637-4C9D-9356-AC93DF95D0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{605BE609-D050-4C50-8847-E3A09C539074}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{771D8954-0C78-4F65-BF5C-694BEBA52B3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CF7719F-2EA3-4DBB-9172-FCE015BD282C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D51E62F-B983-40F1-A9A4-9F1CA9935B46}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7F825652-DA34-4797-85CF-C6976C116F96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7FC36DB3-B402-416B-B28A-1230FC82DED2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81CC1AB3-745E-4B25-8A6E-564363A75D1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D4F716A-6F2B-4B9C-AEF2-520F9E69B2FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A05645A1-ABA3-4A5A-8077-5FD5F8271F68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A542382A-2C3A-4507-8044-FF48A1EF2026}" = protocol=6 | dir=in | app=e:\mamas ordner\proggs\azureus\azureus.exe |
"{B0A2C2E6-9614-4CD3-AA24-E396F8F44959}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{B88C5F97-992C-42D9-B14D-24EAE704EDEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD9E11C4-9B76-4B24-922D-26F8FAC6FA22}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2454C06-43DC-4FE1-B0CD-57CD4B37880C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C3552995-2591-4B02-90E5-5CD02E54422C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5A370EC-BF4D-4774-9494-EEC33D9BC68F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5A3BB71-9ECD-4026-852E-CB6554CCD37E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6FAF979-DEE1-4CF3-AF8A-2AB022AF4AD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7793B7D-B577-4462-8A49-34AFBECA0664}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8D5041F-E123-4DAD-81F4-F25C82F24842}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C9CC4CBF-C68B-415C-A754-F2403118C0E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE3CEB59-C063-4705-AA59-B8F598A895C5}" = protocol=6 | dir=out | app=system |
"{DB0CACBC-F8A0-48DA-9EA4-2F3D02FF5E28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68930CD-86E6-4972-A090-B8FADC993420}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E73402E0-C642-4DFF-8438-B4B3DD82F83C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F442C8DB-2583-4DA3-8F88-18A7789747D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBC9AF47-FE53-4406-A73C-8AF87A5E45FA}" = protocol=17 | dir=in | app=e:\mamas ordner\proggs\azureus\azureus.exe |
"TCP Query User{6A1EA4CE-A865-465D-9B4E-E40C112991A5}C:\users\sera\appdata\roaming\uvyben\axqua.exe" = protocol=6 | dir=in | app=c:\users\sera\appdata\roaming\uvyben\axqua.exe |
"TCP Query User{CF815926-1AF2-4D37-9AA8-11CD932D6747}C:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe |
"UDP Query User{987B222B-6EEE-4A97-BDFA-1576A83D8B0E}C:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe |
"UDP Query User{BBBA4C27-6368-4BE5-B8D8-672617B46D97}C:\users\sera\appdata\roaming\uvyben\axqua.exe" = protocol=17 | dir=in | app=c:\users\sera\appdata\roaming\uvyben\axqua.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4C47DA93-303F-4165-918B-BCBAD9099DB8}" = Russisch für Deutsche - empfohlen
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F827F147-D65E-43C9-B73F-7401CA93FDB3}" = Russisch (deutschе Tastatur)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Upload-Manager" = 1&1 Upload-Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.1.5.508
"Free Audio Converter_is1" = Free Audio Converter version 5.0.11.508
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"Internet Download Manager" = Internet Download Manager
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ST6UNST #1" = BEWERBUNGSMASTER
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.10.2011 00:55:29 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9079

Error - 19.10.2011 00:55:29 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9079

Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10077

Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10077

Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1060

Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1060

Error - 19.10.2011 04:50:25 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.10.2011 04:50:25 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059

[ Media Center Events ]
Error - 07.12.2011 09:47:52 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

Error - 07.12.2011 09:50:52 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

Error - 07.12.2011 09:57:10 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

Error - 07.12.2011 10:01:19 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536
Description =

[ System Events ]
Error - 30.08.2012 05:40:09 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 07:14:28 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 07:14:30 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 08:59:16 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 08:59:18 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 09:37:43 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 09:37:45 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 11:15:33 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 11:15:35 | Computer Name = Sera-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 30.08.2012 15:33:28 | Computer Name = Sera-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

< End of report >

-----------------------------------------------------------------------

OTL logfile created on: 31.08.2012 00:25:18 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sera\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,90% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 49,64 Gb Free Space | 49,64% Space Free | Partition Type: NTFS
Drive D: | 132,88 Gb Total Space | 89,95 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32

Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sera\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ui11rdr) -- C:\Windows\SysNative\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=a4ea60ff000000000000001fd055267c IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E8 A3 BD 2C 78 CB 01 [binary data] IE - 
HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - No CLSID value found IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes,DefaultScope = {0590B797-28CC-4B24-BC3E-6BC6BF9627C3} IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{0590B797-28CC-4B24-BC3E-6BC6BF9627C3}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=a4ea60ff000000000000001fd055267c IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 11:20:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M] [2010.10.24 20:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions [2010.08.26 22:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.05.05 20:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.10.22 12:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions [2011.09.28 21:45:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.30 23:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions [2012.07.25 23:17:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.08.21 10:38:26 | 
000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.22 11:32:11 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\fv7cfqo8.default\searchplugins\icqplugin.xml [2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM [2012.07.20 11:20:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.09 23:04:24 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 
000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google ![]() CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - Extension: YouTube = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Billabong Surf Theme = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjghdbnnficankmjeocglncagiippoc\1.0_0\ CHR - Extension: Google Mail = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.) 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:64bit: - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [audiohddrive] C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe File not found O4:64bit: - HKLM..\Run: [audiohddrivewin] C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe File not found O4:64bit: - HKLM..\Run: [AudioTreiber_x64] C:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-357678653-1223163808-252771922-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found O4 - HKU\S-1-5-21-357678653-1223163808-252771922-1001..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm () O8:64bit: - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm () O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () 
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94382F93-BB1E-4413-B941-CFB4EA52BDE8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\drivehdwin\drivehdwin.exeC:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe) - File not 
found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell - "" = AutoRun O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk /p \?HINE BootExecute sett) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.30 23:40:20 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe [2012.08.30 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\Avira 
[2012.08.30 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.30 21:59:47 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.30 21:59:47 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.08.30 21:59:47 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.08.30 21:52:12 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor [2012.01.04 09:59:25 | 000,060,416 | ---- | C] (gdsfgsdf) -- C:\Users\Sera\AppData\Roaming\408938.exe [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.31 00:24:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.31 00:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 23:40:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe [2012.08.30 23:32:15 | 002,213,358 | ---- | M] () -- C:\Users\Sera\Desktop\Unbenannt.png [2012.08.30 23:30:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.30 23:26:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 23:26:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 23:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.30 23:18:14 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.08.30 21:42:58 | 083,023,306 | ---- | M] () -- 
C:\ProgramData\ism_0_llatsni.pad [2012.08.29 11:26:34 | 000,001,889 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.27 13:27:03 | 000,000,162 | -H-- | M] () -- C:\Users\Sera\Documents\~$rita l.rtf [2012.08.15 10:08:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 10:08:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [4 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 23:32:14 | 002,213,358 | ---- | C] () -- C:\Users\Sera\Desktop\Unbenannt.png [2012.08.29 11:26:34 | 000,001,889 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.29 11:26:32 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.27 13:27:03 | 000,000,162 | -H-- | C] () -- C:\Users\Sera\Documents\~$rita l.rtf [2012.02.18 21:03:32 | 000,000,562 | ---- | C] () -- C:\Windows\wiso.ini [2011.11.21 19:39:04 | 000,000,217 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.11.21 19:39:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.07.06 18:12:20 | 000,005,981 | ---- | C] () -- C:\Users\Sera\ESt2009_Buchmüller_Sergej_und_Margarethe.elfo [2011.07.03 02:56:25 | 000,007,603 | ---- | C] () -- C:\Users\Sera\AppData\Local\Resmon.ResmonCfg [2011.05.20 20:57:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.03.25 11:10:03 | 000,033,134 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\UserTile.png [2010.10.25 08:58:22 | 000,037,467 | ---- | C] () -- C:\Users\Sera\russisch tastatur.exe [2010.10.24 20:30:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.24 13:18:58 | 012,666,128 | ---- | C] () -- C:\Users\Sera\objectdock_1_9_536.exe ========== 
LOP Check ========== [2012.06.09 10:44:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\redsn0w [2012.01.09 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\1&1 [2010.11.08 14:10:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ACD Systems [2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrive [2011.11.04 17:15:08 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrivewin [2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\AudioTreiber_x64 [2012.08.30 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Azureus [2012.01.09 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Babylon [2012.02.18 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Buhl Data Service [2011.10.09 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DAEMON Tools Lite [2012.08.30 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DMCache [2011.07.05 20:36:47 | 000,000,000 | -H-D | M] -- C:\Users\Sera\AppData\Roaming\drivehdwin [2012.06.02 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoft [2011.08.15 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.27 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fisher-Price [2011.05.27 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fuov [2012.01.09 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ICQ [2012.08.30 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\IDM [2011.05.20 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Leadertech [2012.08.31 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor [2011.12.19 00:20:53 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Paloma Networks, Inc [2012.06.11 14:55:58 | 000,000,000 | 
---D | M] -- C:\Users\Sera\AppData\Roaming\redsn0w [2010.11.07 04:17:40 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\streamripper [2011.10.28 01:40:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TeamViewer [2012.06.18 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TomTom [2010.11.07 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Ubisoft [2011.06.24 01:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\updaterz [2011.06.24 01:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Uvyben [2011.07.10 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\whitepixel [2012.01.23 23:37:02 | 000,000,000 | -HSD | M] -- C:\Users\Sera\AppData\Roaming\winsvchost [2012.02.29 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Xilisoft [2012.05.31 23:13:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > ------------------------------------------------------------------------ Thanks in advance! Kind regards, Sera |