DVU-Trojaner hat auch mich erwischt - ist alles weg ?

Deichfisch

Tag zusammen,

ich habe mir heute gegen 10:00 h wohl auch den DVU - Trojaner eingehandelt.
Nichts ging mehr. Nicht mal abgesicherter Modus (Win XP Prof.).

1. Schritt: Avira Rescue Disc - FEHLANZEIGE
2. Schritt: Kaspersky Notfall CD 10 - TEILERFOLG
3. Schritt: Ich konnte erkennen, dass es sich eigentlich nur um eine
grafische Oberflche handelt, die automatisch startet und auch nur vollständig erscheint, wenn Verbindung ins WWW besteht. Auf X - Versuche Klammergriff dann eine erste Reaktion - ich konnte im Taskmanager in die Prozesse wechseln und alles einzeln beenden
4. Schritt: malwarebytes Anti-Malware gedownt
- prima, alles scheint wie vor dem Angriff - *freu*

5. Schritt: Rat hier im Forum befolgt und Defogger installiert:


CODE:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:18 on 11/01/2013 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

6. Schritt: OTL installiert und gescannt

CODE "OTL.txt":
OTL logfile created on: 11.01.2013 15:26:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 82,26% Memory free
5,34 Gb Paging File | 4,75 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 70,87 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
Drive D: | 365,75 Gb Total Space | 144,48 Gb Free Space | 39,50% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: *****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.11 15:21:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.27 18:51:00 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 19:24:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 19:24:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 19:24:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.14 19:24:02 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 19:24:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.18 10:44:32 | 002,057,048 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe
PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.07 12:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.06.15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 15:35:46 | 001,519,616 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\Scheduled.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.28 08:40:33 | 000,077,824 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe
PRC - [2001.12.20 09:42:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2001.12.20 01:59:00 | 000,204,800 | ---- | M] (Logitech Inc. ) -- C:\Programme\Logitech\iTouch\iTouch.exe
PRC - [2001.12.20 01:59:00 | 000,139,264 | ---- | M] () -- C:\Programme\Logitech\iTouch\KbdTray.exe
PRC - [2001.11.07 11:59:06 | 000,086,016 | ---- | M] (MusicMatch) -- C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2000.07.06 21:12:18 | 000,032,768 | R--- | M] () -- C:\WINDOWS\twain_32\D66U\D066UUTY.EXE


========== Modules (No Company Name) ==========

MOD - [2012.07.31 02:08:04 | 000,016,872 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012.05.14 19:24:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.26 12:39:32 | 009,560,576 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll
MOD - [2012.01.26 11:13:36 | 000,215,552 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.11.12 14:54:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.06.15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.04.14 15:35:46 | 001,519,616 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\Scheduled.exe
MOD - [2008.04.14 06:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.06.28 08:40:33 | 000,077,824 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe
MOD - [2003.09.10 04:42:28 | 000,045,056 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\kwspnd.dll
MOD - [2001.12.20 01:59:00 | 000,139,264 | ---- | M] () -- C:\Programme\Logitech\iTouch\KbdTray.exe
MOD - [2000.07.06 21:12:18 | 000,032,768 | R--- | M] () -- C:\WINDOWS\twain_32\D66U\D066UUTY.EXE


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2013.01.09 10:17:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.05.14 19:24:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 19:24:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 19:24:02 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 19:24:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.26 15:08:56 | 003,665,752 | ---- | M] () [Auto | Stopped] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2008.12.05 17:25:10 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.06.15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 19:24:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 19:24:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.12.04 17:50:55 | 000,027,924 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008.12.02 12:59:55 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.16 05:33:14 | 000,115,752 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 05:33:14 | 000,025,512 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 05:33:14 | 000,015,016 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 05:33:12 | 000,120,744 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 05:33:12 | 000,114,216 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 05:33:12 | 000,110,632 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 05:33:12 | 000,089,256 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.02.14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2008.01.03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.12.04 19:34:18 | 000,946,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.08 13:32:56 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lgtosync.sys -- (LGTO_Sync)
DRV - [2007.08.29 03:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007.08.29 03:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2005.04.07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2001.12.19 10:42:00 | 000,067,694 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001.12.19 10:42:00 | 000,022,206 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.sys -- (LHidFlt2)
DRV - [2001.12.19 10:42:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001.12.17 10:42:00 | 000,039,932 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2001.12.17 10:42:00 | 000,013,052 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2001.12.17 10:42:00 | 000,010,496 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2001.02.05 18:21:14 | 000,272,016 | R--- | M] (U.S. Robotics Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdxwmac.sys -- (wdxwmac)
DRV - [2001.01.18 14:34:38 | 000,027,792 | R--- | M] (U.S. Robotics Corp) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ndiscapi.sys -- (NDISCAPI)
DRV - [2001.01.18 14:34:38 | 000,026,064 | R--- | M] (U.S. Robotics Corp) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\capi.sys -- (CAPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {7AA7FB6A-67FC-4992-BA4F-C13EF6C14D34}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7AA7FB6A-67FC-4992-BA4F-C13EF6C14D34}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010.05.04 18:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.21 16:12:52 | 000,000,000 | ---D | M] (Toolbar fuer eBay) -- C:\Programme\Mozilla Firefox\extensions\{000E148C-F7A7-445A-9044-93BF6CE09ECB}
[1999.12.31 16:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2007.07.27 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel Reminder] File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\twain_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [MMTray] C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe (MusicMatch)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [Center Agent] C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\Scheduled.exe ()
O4 - HKCU..\Run: [hddhealth] C:\Programme\HDD Health\hddhealth.exe -wl File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CAPI Tray.lnk = C:\Programme\U.S. Robotics ISDN Utilities\ccmon.exe (Sto//mann E+V GmbH )
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\MSI\TV@nywhere AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220467195744 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB7A547-4FB4-4FD5-BBCF-BA7017907C52}: DhcpNameServer = 192.168.0.30
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.28 20:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{532074be-b584-11dc-99d6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{532074be-b584-11dc-99d6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{532074be-b584-11dc-99d6-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.11 15:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
[2013.01.11 14:51:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Malwarebytes
[2013.01.11 14:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.11 14:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.11 14:51:26 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.11 14:51:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.10 10:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\aicon
[2013.01.10 10:46:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\@icon sushi
[2013.01.09 11:17:51 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\DVDVideoSoft
[2013.01.09 11:17:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2013.01.09 11:17:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2013.01.09 11:17:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft
[2010.05.04 20:18:09 | 002,921,383 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Programme\uninstall.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.11 15:21:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe
[2013.01.11 15:17:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.11 15:16:56 | 000,203,520 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.11 15:16:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.11 15:16:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.11 15:13:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable
[2013.01.11 15:11:25 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe
[2013.01.11 14:59:05 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.11 14:52:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.01.11 14:51:28 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 15:37:39 | 000,111,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.10 10:49:02 | 000,000,479 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\E b a y.lnk
[2013.01.10 10:46:42 | 000,000,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\@icon sushi.lnk
[2013.01.10 10:36:19 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2013.01.09 17:29:24 | 000,479,082 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 17:29:24 | 000,437,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 17:29:24 | 000,092,232 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 17:29:24 | 000,069,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 13:44:14 | 000,032,411 | ---- | M] () -- C:\WINDOWS\SGTBox.INI
[2013.01.09 11:17:46 | 000,000,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.09 11:17:46 | 000,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Free Audio CD to MP3 Converter.lnk
[2013.01.09 10:08:38 | 000,016,960 | ---- | M] () -- D:\Eigene Dateien\camping_carnet09.pdf
[2013.01.07 18:27:26 | 000,000,050 | ---- | M] () -- C:\WINDOWS\InfModM.ini
[2013.01.06 12:40:22 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.31 17:31:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.30 12:53:34 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Monatseinkommen 2013.lnk
[2012.12.21 13:57:48 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.21 00:34:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.11 15:13:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable
[2013.01.11 15:11:18 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe
[2013.01.11 14:51:28 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 10:46:42 | 000,000,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\@icon sushi.lnk
[2013.01.10 10:34:15 | 000,000,479 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\E b a y.lnk
[2013.01.09 11:17:46 | 000,000,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.09 11:17:46 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Free Audio CD to MP3 Converter.lnk
[2013.01.09 10:08:38 | 000,016,960 | ---- | C] () -- D:\Eigene Dateien\camping_carnet09.pdf
[2012.12.30 12:51:25 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Monatseinkommen 2013.lnk
[2012.02.15 16:36:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.09 17:14:35 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2010.05.04 20:18:09 | 000,000,564 | ---- | C] () -- C:\Programme\Uninstall ElsterFormular.lnk
[2008.12.28 11:23:00 | 000,000,274 | ---- | C] () -- C:\Programme\PhonTool.ini
[2008.12.28 11:23:00 | 000,000,109 | ---- | C] () -- C:\Programme\params.ini
[2008.12.28 11:23:00 | 000,000,061 | ---- | C] () -- C:\Programme\wfcom.ini
[2008.12.28 11:23:00 | 000,000,029 | ---- | C] () -- C:\Programme\whconfig.ini
[2008.12.28 11:22:59 | 002,692,223 | ---- | C] () -- C:\Programme\userguide.pdf
[2008.12.28 11:22:59 | 000,012,800 | ---- | C] () -- C:\Programme\liesmich.wri
[2008.12.28 11:22:41 | 000,035,914 | ---- | C] () -- C:\Programme\modems.pac
[2008.12.28 11:22:38 | 000,002,560 | ---- | C] () -- C:\Programme\wmodems.dat
[2008.12.28 11:22:38 | 000,000,127 | ---- | C] () -- C:\Programme\custom.ini
[2008.12.05 17:54:44 | 000,111,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.03 09:08:04 | 000,000,306 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\TV2.INI
[2008.12.03 09:08:03 | 000,071,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KTVR1.chl
[2008.12.03 09:08:03 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KTVR1.cfg
[2008.12.03 09:03:59 | 000,000,881 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\PInfo.config
[2008.12.03 09:03:59 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KAgent.cfg
[2008.12.03 09:03:59 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\SPInfo.cfg
[2008.12.02 12:55:40 | 000,000,313 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\wincmd.ini

========== ZeroAccess Check ==========

[2007.12.28 21:39:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.09.17 09:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.01.11 17:17:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.10.25 13:51:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.01.09 17:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.11.15 12:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIXELA
[2009.08.30 15:23:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2013.01.10 10:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\aicon
[2008.10.18 14:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canneverbe_Limited
[2013.01.09 13:45:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canon
[2009.11.15 13:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Cuttermaran
[2009.01.09 00:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DataLayer
[2010.01.11 20:50:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Desktopicon
[2013.01.09 11:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft
[2012.01.11 16:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\elsterformular
[2008.12.03 09:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\EPGData
[2009.08.30 15:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\GHISLER
[2010.04.16 16:05:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Helios
[2008.12.03 12:54:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KWorld Multimedia
[2008.12.07 22:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mp3tag
[2008.12.03 08:39:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\MSI
[2010.04.01 09:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Nokia
[2008.12.04 16:51:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Opera
[2009.01.09 17:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\PC Suite
[2008.12.10 10:32:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\PersBackup
[2010.10.07 20:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\R.4C
[2009.09.17 09:42:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Sony
[2011.04.09 17:15:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Tobit
[2010.01.05 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars
[2011.11.11 17:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\TS3Client
[2008.08.14 20:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Windows Desktop Search
[2008.10.18 14:36:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Windows Search

========== Purity Check ==========

< End of report >

CODE "EXTRAS.txt"
OTL Extras logfile created on: 11.01.2013 15:26:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 82,26% Memory free
5,34 Gb Paging File | 4,75 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,01 Gb Total Space | 70,87 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
Drive D: | 365,75 Gb Total Space | 144,48 Gb Free Space | 39,50% Space Free | Partition Type: NTFS

Computer Name: *****-PC| User Name: *****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- C:\Programme\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:*isabled:NAVBrowser -- (Naviant, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"H:\WS_FTP\WS_FTP95.exe" = H:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95
"C:\Programme\WS_FTP\WS_FTP95.exe" = C:\Programme\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"E:\setup.exe" = E:\setup.exe:*:Enabled:setup
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"D:\Programme\Klebezettel NG\klebez.exe" = D:\Programme\Klebezettel NG\klebez.exe:*:Enabled:Elektronische Haftnotizen für Windows
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"D:\Tobit Radio.fx\Server\rfx-server.exe" = D:\Tobit Radio.fx\Server\rfx-server.exe:*:Enabled:Radio.fx Server -- ()
"D:\Tobit Radio.fx\Client\rfx-client.exe" = D:\Tobit Radio.fx\Client\rfx-client.exe:*:Enabled:Radio.fx Client -- (Tobit.Software)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@icon sushi_is1" = @icon sushi 1.21
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = MSI TV Tuner Card Utilities
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DAA2E2-A7DB-4CA3-8F99-62EB23BA3377}" = TV@nywhere Pro Teletext
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AE112F6D-D1B3-11D4-8577-00105ADDC431}" = mb Software ArCon 6
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech-Handbuch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = PhoneTools
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.5
"Canon ScanGear Toolbox FAU" = Canon ScanGear Toolbox FAU 2.5
"CCleaner" = CCleaner (remove only)
"CorelDRAW 10_TV" = CorelDRAW 10_TV
"DIKE" = DIKE
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"ElsterFormular 11.4.1.4323" = ElsterFormular
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Google Updater" = Google Updater
"hp deskjet 960c series" = hp deskjet 960c series (nur entfernen)
"HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"ISDN TOOLS" = Uninstall U.S. Robotics ISDN Utilities
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.STANDARD" = Microsoft Office Standard 2010
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Opera 12.12.1707" = Opera 12.12
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"Tobit Radio.fx Server" = Radio.fx
"TVP3XDrv" = MSI TV@nywhere A/D V1.1 BDA Driver
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XP RegTune 2.12" = XP RegTune 2.12
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.01.2013 03:29:04 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung
kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details:
Ein
an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error - 10.01.2013 07:37:56 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung
kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details:
Ein
an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error - 10.01.2013 07:49:48 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung
kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details:
Ein
an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error - 11.01.2013 04:37:49 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung
kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details:
Ein
an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error - 11.01.2013 05:13:24 | Computer Name = ****-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5

Error - 11.01.2013 09:23:40 | Computer Name = ****-PC | Source = Windows Search Service | ID = 7040
Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der
Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben.

Details:

0xc0041801 (0xc0041801)

Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 7040
Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der
Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben.

Kontext:
Windows Anwendung, SystemIndex Katalog Details: 0xc0041801 (0xc0041801)

Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3029
Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext:
Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen
werden. (0xc0041800)

Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3028
Description = Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows
Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden.
(0xc0041800)

Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3058
Description = Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung

Details:
Der
Inhaltsindex kann nicht gelesen werden. (0xc0041800)

[ System Events ]
Error - 11.01.2013 09:24:19 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
Search.

Error - 11.01.2013 09:24:19 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 11.01.2013 09:24:19 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 11.01.2013 09:28:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.

Error - 11.01.2013 09:28:28 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 11.01.2013 09:28:31 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 11.01.2013 09:28:55 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 11.01.2013 10:06:03 | Computer Name = ****-PC | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 11.01.2013 10:06:33 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
agp440 IntelIde

Error - 11.01.2013 10:17:28 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..

< End of report >

7. Schritt: gmer scannen lassen

CODE:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-11 19:14:27
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0 SiI_____ rev.1100 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\BJRN~1\LOKALE~1\Temp\awdcapow.sys


---- System - GMER 2.0 ----

SSDT B16F7BBC ZwClose
SSDT B16F7B76 ZwCreateKey
SSDT B16F7BC6 ZwCreateSection
SSDT B16F7B9E ZwCreateSymbolicLinkObject
SSDT B16F7B6C ZwCreateThread
SSDT B16F7B7B ZwDeleteKey
SSDT B16F7B85 ZwDeleteValueKey
SSDT B16F7BB7 ZwDuplicateObject
SSDT B16F7BA3 ZwLoadDriver
SSDT B16F7B8A ZwLoadKey
SSDT B16F7B58 ZwOpenProcess
SSDT B16F7B99 ZwOpenSection
SSDT B16F7B5D ZwOpenThread
SSDT B16F7BDF ZwQueryValueKey
SSDT B16F7B94 ZwReplaceKey
SSDT B16F7BD0 ZwRequestWaitReplyPort
SSDT B16F7B8F ZwRestoreKey
SSDT B16F7BCB ZwSetContextThread
SSDT B16F7BD5 ZwSetSecurityObject
SSDT B16F7BA8 ZwSetSystemInformation
SSDT B16F7B80 ZwSetValueKey
SSDT B16F7BDA ZwSystemDebugControl
SSDT B16F7B67 ZwTerminateProcess
SSDT B16F7B62 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8994360, 0x34CDBF, 0xE8000020]

---- User code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[388] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text D:\Tobit Radio.fx\Server\rfx-server.exe[1988] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00642C40 D:\Tobit Radio.fx\Server\rfx-server.exe
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 10083A50 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 10083A90 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 10090D70 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!EndDialog 7E374A4E 5 Bytes JMP 10054EB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!DefWindowProcA 7E37C17E 7 Bytes JMP 10054ED0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 10090CC0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 10090E40 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 10090D00 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 10090DB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 10090D30 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 10090DF0 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!DrawFrameControl 7E38E940 7 Bytes JMP 10081650 D:\Tobit Radio.fx\Client\TOBITCLT.dll
.text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 10090C80 D:\Tobit Radio.fx\Client\TOBITCLT.dll

---- Files - GMER 2.0 ----

File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS.log 131072 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS0057D.log 131072 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS0057E.log 0 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS0057F.log 131072 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS00580.log 131072 bytes
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS00581.log 131072 bytes

---- EOF - GMER 2.0 ----


Nun meine Frage an die Community: hab ich´s alles weg bekommen ?

Gruß´von der Küste

Deichfisch