Meldung: tcbhn wurde beendet und geschlossen

DEL66 · 21.03.2013, 12:51

Hallo trojan-board-Freunde,

als newbe gleich zum Problem:

- Vista tcbhn wird beendet und geschlossen
- habe andauernd Werbebanner doubleclick
- Win Explorer findet nicht (nur schwer) zur Startseite zurück

Habe Maleware-Byte durchlaufen lassen, alle Partitionen (Bericht ist unten)
Habe noch keine Aktionen gestartet (es gibt Funde)

Hijackthis ebenfalls (log ist unten angegeben) noch keine Aktionen durchgeführt

___________________________________________________________________
Ich bitte um Hilfe bei der Auswertung und Bereinigung
___________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:38, on 21.03.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Delwork\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Users\Delwork\Pictures\ooooo\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: DVDVideoSoftTB DE - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [FRITZ!protect] FwebProt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [FRITZ!protect] FwebProt.exe (User 'Default user')
O4 - Startup: tbhcn.lnk = C:\Users\Delwork\AppData\Roaming\BrowserCompanion\tbhcn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Delwork\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9286 bytes
___________________________________________________________________________

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3237
Windows 6.0.6002 Service Pack 2

21.03.2013 12:13:17
mbam-log-2013-03-21 (12-12-37).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 294523
Laufzeit: 1 hour(s), 39 minute(s), 59 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\Cryptload\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.
E:\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.
C:\END (Trojan.FakeAlert) -> No action taken.

aharonov · 21.03.2013, 13:43

Hi,

versuchs mal so:

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Logs von OTL

DEL66 · 23.03.2013, 22:03

Hallo,
habe etwas Zeit gebraucht ... Job geht vor.

Zum Thema: laut meiner Recherche haben die Probleme überhand genommen, seit u.a.
movie2k-streaming mit diesem Rechner benutzt wird.
Was mir bei den Logs aufgefallen ist: ich hatte 2 Partitionen C & D. D habe ich zu C
"verschmolzen" (EasUS-Partitions Manager), da ich nur noch einige MB auf C hatte.

Die Logs:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 23/03/2013 um 20:55:48 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Delwork - DELWORK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Delwork\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Delwork\AppData\Local\sexdwiu.bat
Datei Gelöscht : C:\Users\Delwork\AppData\Local\sexdwiu.dat
Datei Gelöscht : C:\Users\Delwork\AppData\Local\sexdwiu_nav.dat
Datei Gelöscht : C:\Users\Delwork\AppData\Local\sexdwiu_navps.dat
Datei Gelöscht : C:\Users\Delwork\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion
Gelöscht mit Neustart : C:\Users\Delwork\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Program Files\BrowserCompanion
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\Users\Delwork\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Delwork\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Delwork\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Delwork\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Delwork\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Delwork\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Delwork\AppData\Roaming\Optimizer Pro

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Official-eMule
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C60DBF3A-5E77-4E22-865B-BCC82CC8703B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1467D47-CEFB-4519-B86B-04DDC8C6F3BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sexdwiu
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\Software\Official-eMule
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8582 octets] - [23/03/2013 20:55:48]

########## EOF - C:\AdwCleaner[S1].txt - [8642 octets] ##########

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.03.2013 21:32:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Delwork\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,87% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 70,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,44 Gb Total Space | 0,57 Gb Free Space | 1,13% Space Free | Partition Type: NTFS
Drive D: | 22,62 Gb Total Space | 15,45 Gb Free Space | 68,28% Space Free | Partition Type: NTFS
 
Computer Name: DELWORK-PC | User Name: Delwork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026477FD-9344-4C89-84AC-C159E2C746C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11F03507-219E-45DA-A954-E45DFDEB4C32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19932BE9-4B05-45D7-A3AB-8DF24214A6A3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{21254FF2-EF1E-4C37-99E4-5055F8A6E4DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{22E9D63B-0062-410B-8864-540FBD46E851}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2404FC67-90F8-4819-997B-4086DCB634FB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{276B6B82-01D8-41BF-9C46-BA192F326930}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2879184D-A773-4881-8C55-1E83C622FD2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{2945AC66-1809-4E98-998D-09CA86A6729B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E390DD4-1D69-41AF-A5B7-173CC85C553C}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{3B17F46A-3218-4A58-B422-69B3862D7A51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{437E97C4-76E8-43CF-ADE1-B9C9B1B42795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4B0E5D57-355C-4002-9A41-F8087F18DB68}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{597CB49B-3AEB-41E9-AFBC-1CE5B1C52986}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AD04576-4AEC-408C-85C5-50837C07B53E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{5C9CB5DB-B948-48C8-93C3-00A712F4CFD4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{600FE90A-0805-4D3D-A60A-D2E2BB97C391}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60FADAD0-39ED-4C8A-B43E-9B6E53CC9BE8}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{63C3284F-6142-4B79-9F79-689BB05DBB00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71B11307-881C-4685-8628-8AE9833AA5B4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{740BDAB6-765E-4DED-B08E-83D918EA546B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7B64C758-EBF3-4B50-8B2A-D78736CC2581}" = lport=443 | protocol=6 | dir=in | name=http-port | 
"{7F0CBF08-2B83-4038-B776-14E6C04D2BA9}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{939CD7CE-CB55-4EF4-AF76-DBE333F45FD2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A43DBE10-8105-4D4F-9539-38610004F11E}" = lport=37335 | protocol=17 | dir=in | name=udp | 
"{B4603665-3460-462C-9950-AF0402EC87C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BB1DA139-75FD-4835-94F8-298A7ADB50E2}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{BBCC1BF4-A4EF-48BC-B75C-14C8AA7DA701}" = lport=59185 | protocol=6 | dir=in | name=tcp | 
"{CFE1B2C2-E194-4945-A74F-2FA4E8E68391}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{D529253A-4F5D-4D79-8069-52A45DA22B77}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{D9BDF8BA-18A7-47DB-A3E5-E52014895B4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E1D335E5-F827-4FAE-BFFC-CAD9DE9A0CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E6FB9A84-2422-429C-8E1C-8FC516DA9469}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EBA02E0D-3B9F-481D-9CA5-D601E1AFDCFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF1B7836-3266-4902-AF01-A3C719EF8767}" = lport=139 | protocol=6 | dir=in | app=system | 
"TCP Query User{62AD041F-EDBD-485A-B7F4-13620B8B19D9}E:\program files\emule\emule.exe" = lport=4662 | protocol=6 | dir=in | app=e:\program files\emule\emule.exe | 
"UDP Query User{CEFAAE0B-60FA-41A7-8FB4-46482A5EBDED}E:\program files\emule\emule.exe" = lport=4672 | protocol=17 | dir=in | app=e:\program files\emule\emule.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058EF04D-383E-4815-A3CE-085A525CAB4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{096C59CF-3ACB-4AB6-A6E3-6DF2C5AC0641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11BA1B7E-7392-4384-BBDB-460A236949D6}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{193AC303-8716-45EA-8A30-892C32FF1054}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BB1EEF2-8E74-46E6-9D33-5541C14B6E7A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1F1D51BA-B821-4244-AFDA-6C91CC2C8647}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{1FA946BE-0D64-4168-98F6-23C2216CB8B5}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{21171E2A-BF96-44A4-B2C8-89A5B46764DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{21D0092A-1DC3-447B-95DD-F8EB714A7224}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{387619AE-0526-40D2-9BEF-DF89B7F84903}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39CE5047-A593-457D-87DA-4746979D131D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3F1A74DF-CF51-48F2-8151-2617582C6914}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{40F3E32D-6431-447D-806E-35B9A4DB9AEB}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{4158215C-D84A-494E-9CCA-224448AAABFD}" = protocol=6 | dir=in | app=c:\program files\elsterformular\2008-2009\elfostarter2008.exe | 
"{457495CB-90CD-4B04-A736-D9C01BA1A11A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{4688955A-D169-447F-9FA8-D17967E4E975}" = dir=in | app=f:\setup\hpznui01.exe | 
"{4D0914D6-CCF3-4A16-98DF-1CA81F081DAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{4D608DD1-814C-4A1E-8E74-95801968247C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{4D8AFB82-0E8A-4ED8-9AAA-814A3C95E5DC}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{50A5F723-BD94-4071-B392-C8CF8CF0F9E9}" = protocol=6 | dir=out | app=system | 
"{5E8ECF47-34C6-4DD5-ABA8-F5C9FD31A7F2}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{62D35404-0125-476B-A970-58D94F6D3AC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{6FE810B2-716D-45C5-93F1-026266F63323}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{7601928C-9AAC-4D97-B86E-8DC714ED7851}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{7FD349D6-22A2-4C19-82BF-D7133615252D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{80E3A903-CDD0-43FE-BED4-D67301BC6967}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{8619D524-1D0A-4C2E-B9EB-940F5EFBCC8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{86A78A9C-B8AE-4FB8-ACEE-C22639B28719}" = protocol=17 | dir=in | app=c:\program files\elsterformular\2008-2009\elfostarter2008.exe | 
"{8B392676-557C-4AB1-AC63-26ACEA7031EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8B72F124-9815-49DF-9DD7-3E1CF16AD121}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{8E1CB0B1-A72B-4B9B-80C4-B0BD2F68713F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{9028FBBC-3D44-4248-B9A9-90303E4334A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{913F60E5-3D8C-4446-9A2D-E28D4A5CBC40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{94C1ECDF-832D-4ECA-B496-776B031F5BEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{95BDFAFD-73C1-495F-AE68-078D7D0CEF61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{9B9EAFC2-E9EB-4D49-8A7D-EC2BE5018240}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{A0167C8D-0F5A-415B-B735-30B837F25BDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0C0D82F-926F-4832-BA2C-85D1B19D5766}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0D8B9EB-E40A-4095-8DC0-B95E25D9920D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{A5570419-E1DF-429D-AC9C-8C115ADD18A5}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{A5A08149-57A9-4024-941A-F646D77D19A5}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{C096E889-0072-403C-B3B2-044E11B3FA58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C5FC1F58-2DA2-4806-A5AE-A74745EF61E3}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{C9FB0624-525A-4B98-B491-0D9E097ED19F}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{D208AD64-01D1-46C2-A0E4-BC6922081448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D637C40E-A666-4597-9394-37A67655E58D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{D810A035-F54A-4708-8B64-0213577F9D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DCB11CDF-10E2-4315-ABBF-9A255A344F7C}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{DE2B56E2-5C9C-4C52-9D4B-2ACB992AF02A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B197AE-359A-40A0-AEE6-C90DCAB56801}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{E7DCF390-17BE-4669-B25B-ADA7EBF419CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{F3C9250D-0DB7-4DA8-96BF-F86A14A86BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B10461-5146-41C0-903F-43049FB59C75}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7E1F270-0984-4531-A1E4-224D3347B557}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{F96EFEFB-B195-401E-9B65-AB442D8D6053}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"TCP Query User{08B067F6-2A72-424D-A244-1373C38F0840}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"TCP Query User{53D99B72-9949-4C98-8B0A-303695B08AFA}C:\program files\radioripper\radioripper.exe" = protocol=6 | dir=in | app=c:\program files\radioripper\radioripper.exe | 
"TCP Query User{8984D283-6767-4649-83C4-CFC91DF376B7}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"TCP Query User{914EFA76-1314-4CB0-8822-2695A8CC38E7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{A8379F35-1EF0-431F-94AC-C26640B48D94}E:\emule software\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule software\emule\emule.exe | 
"TCP Query User{DEF5F729-E5A2-4A67-90C8-FF760BD7CF19}E:\program files\emule\emule.exe" = protocol=6 | dir=in | app=e:\program files\emule\emule.exe | 
"TCP Query User{EC54D089-A714-4DCD-A63C-C0F9FFD89F01}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{21230279-23AB-41FC-8BDB-DD33D9C58213}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"UDP Query User{47A1AB8B-6E69-4E23-B908-BB1F4040950A}C:\program files\radioripper\radioripper.exe" = protocol=17 | dir=in | app=c:\program files\radioripper\radioripper.exe | 
"UDP Query User{4EB92364-1076-475B-AA7D-E77E3F83C1C9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{90BC6965-53DF-466A-B10E-82E660B5B1E1}E:\emule software\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule software\emule\emule.exe | 
"UDP Query User{BA330DBE-D993-4016-BE25-B3CE63A2A3C9}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"UDP Query User{CEA2B600-29A9-4944-8E1F-1AE15973302D}E:\program files\emule\emule.exe" = protocol=17 | dir=in | app=e:\program files\emule\emule.exe | 
"UDP Query User{D39948DD-95B3-4C09-907E-AEF8BCFC38F2}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22AE56FC-D99B-4A65-A4EE-4FD9DF1415E9}" = MP3Find pro v4.93
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EAF092E3-6B95-41E8-B468-94B85DAD8603}" = eDocPrinter PDF Pro Ver 6.38 
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner (remove only)
"CodInstl" = Intel A/V Codecs V2.0
"doPDF 5  printer_is1" = doPDF 5.2  printer
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition
"egaiyyi" = Favorit
"ElsterFormular 11.2.0.4074" = ElsterFormular
"eMule" = eMule
"EWE TEL-DSL" = EWE TEL-DSL-Installationsdateien entfernen
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.18.1005
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Kalender-Excel-8.7.1_is1" = Kalender-Excel-8.7.1
"KaraFun_is1" = KaraFun 1.18
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX music maker 2003" = MAGIX music maker 2003
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PDF Converter_is1" = PDF Converter 3.0
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"QcDrv" = Logitech® Camera-Treiber
"SQIEK" = SQIEK - Version 1.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 0.9.9
"WinCleanerMemOptimizer_is1" = WinCleaner Memory Optimizer Version 5.2
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinImage" = WinImage
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RadioRipper" = RadioRipper 1.1d BETA5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 13:55:59 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 430  Anfangszeit: 01cda321e7cb02d6  Zeitpunkt
 der Beendigung: 19
 
Error - 12.10.2012 07:54:36 | Computer Name = Delwork-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LVPrcSrv.exe, Version 11.1.0.2021, Zeitstempel
 0x46a05f1a, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xd1c, Anwendungsstartzeit
 01cda870587bed72.
 
Error - 19.10.2012 11:34:23 | Computer Name = Delwork-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.10.2012 13:06:30 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 6e0  Anfangszeit: 01cdadc848afcd37  Zeitpunkt
 der Beendigung: 112
 
Error - 22.10.2012 17:36:16 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 112c  Anfangszeit: 01cdb09d2202e71a  Zeitpunkt
 der Beendigung: 29
 
Error - 22.10.2012 17:42:24 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 474  Anfangszeit: 01cdb09dcff4525a  Zeitpunkt
 der Beendigung: 7
 
Error - 22.10.2012 17:43:06 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ab8  Anfangszeit: 01cdb09e1faa5baa  Zeitpunkt
 der Beendigung: 8
 
Error - 30.10.2012 04:27:45 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 2610  Anfangszeit: 01cdb6745bc9b620  Zeitpunkt
 der Beendigung: 35
 
Error - 30.10.2012 04:28:34 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 279c  Anfangszeit: 01cdb67870127140  Zeitpunkt
 der Beendigung: 85
 
Error - 02.11.2012 14:23:11 | Computer Name = Delwork-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 23.03.2013 05:01:10 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2013 05:01:10 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2013 05:01:10 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2013 15:59:59 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker LexmarkFax nicht unter dem Namen
 LexmarkFax freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 23.03.2013 15:59:59 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark 1200 Series nicht unter
 dem Namen Lexmark 1200 Series freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 23.03.2013 16:00:00 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker eDocPrinter PDF Pro nicht unter
 dem Namen eDocPrinter PDF Pro freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 23.03.2013 16:00:00 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Drag2PDF nicht unter dem Namen
 Drag2PDF freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern 
im Netzwerk verwendet werden.
 
Error - 23.03.2013 16:01:20 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2013 16:01:20 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2013 16:01:20 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.03.2013 21:32:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Delwork\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,87% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 70,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,44 Gb Total Space | 0,57 Gb Free Space | 1,13% Space Free | Partition Type: NTFS
Drive D: | 22,62 Gb Total Space | 15,45 Gb Free Space | 68,28% Space Free | Partition Type: NTFS
 
Computer Name: DELWORK-PC | User Name: Delwork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.23 21:07:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Delwork\Desktop\OTL.exe
PRC - [2013.03.12 10:23:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.12 10:20:24 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.12 10:20:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.12 10:20:03 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.11.29 10:32:16 | 002,086,984 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Programme\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
PRC - [2009.09.25 09:12:36 | 000,206,992 | ---- | M] () -- C:\Programme\pdf24\PDFBackend.exe
PRC - [2009.07.28 15:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2007.07.26 15:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.07.25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe
PRC - [2007.07.25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007.07.25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007.07.20 19:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007.07.06 10:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.19 14:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.04.24 15:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2007.03.22 16:09:28 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2007.02.08 23:53:50 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.02.08 23:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Programme\ATK Hotkey\ASLDRSrv.exe
PRC - [2006.11.14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.25 09:12:36 | 000,206,992 | ---- | M] () -- C:\Programme\pdf24\PDFBackend.exe
MOD - [2007.07.25 16:13:54 | 000,098,064 | ---- | M] () -- C:\Programme\Logitech\QuickCam\LAppRes.DLL
MOD - [2007.07.25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe
MOD - [2007.07.25 16:04:38 | 000,149,264 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2007.07.25 16:04:14 | 000,165,136 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2007.07.25 16:04:02 | 000,138,000 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2007.07.25 16:03:18 | 000,167,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\EFVal.dll
MOD - [2007.07.25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2007.07.25 16:02:54 | 000,343,312 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2007.07.20 00:39:16 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2013.03.12 21:44:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.12 10:23:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.12 10:20:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.28 15:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.26 15:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.07.20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.11.14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.12 10:25:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.03.12 10:25:26 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.12 10:25:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.12 10:25:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.12.21 13:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2012.12.21 13:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.09.10 14:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.26 15:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.07.20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.07.20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.07.19 01:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.19 01:39:15 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007.07.18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.07.13 15:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.06.01 12:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.12.14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Delwork\Pictures\ooooo
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{4BDA9295-5B28-4567-929D-8F1F7442AD27}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.29 17:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.29 17:05:47 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Mail = C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.10.02 22:30:34 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Programme\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\PDFBackend.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-268639378-705954818-2566428265-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Delwork\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Domains: emule.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Domains: emule.de ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418269F0-6CC9-4388-928E-B34822DAD499}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cc1fb3f0-7ec7-11e0-b883-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{cc1fb3f0-7ec7-11e0-b883-00030d000001}\Shell\AutoRun\command - "" = D:\VTP_Manager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.23 21:07:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Delwork\Desktop\OTL.exe
[2013.03.21 16:40:18 | 000,000,000 | ---D | C] -- C:\Local Disk E_32120131613
[2013.03.21 13:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition
[2013.03.21 13:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2013.03.21 12:13:03 | 000,000,000 | ---D | C] -- C:\Users\Delwork\Desktop\Maleware Log
[2013.03.21 09:31:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.20 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\Delwork\Videos
[2013.03.14 09:31:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 09:31:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 09:30:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 09:30:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 09:30:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 09:30:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 09:30:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 09:30:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.12 10:50:31 | 000,000,000 | ---D | C] -- C:\Users\Delwork\AppData\Roaming\Avira
[2013.03.12 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.12 10:44:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 10:44:37 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 10:44:37 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.12 10:44:37 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 10:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.12 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.22 22:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanion
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.23 21:13:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.23 21:07:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Delwork\Desktop\OTL.exe
[2013.03.23 21:00:27 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.23 21:00:27 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.23 21:00:19 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.23 20:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.23 20:56:55 | 000,000,170 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.23 20:54:27 | 000,609,993 | ---- | M] () -- C:\Users\Delwork\Desktop\adwcleaner.exe
[2013.03.23 20:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.21 17:13:02 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2013.03.21 16:13:20 | 000,001,142 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2013.03.21 14:12:15 | 000,083,968 | ---- | M] () -- C:\Users\Delwork\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.21 13:47:26 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk
[2013.03.21 13:27:56 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.21 13:27:56 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.21 13:27:56 | 000,131,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.21 13:27:56 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.20 15:26:46 | 000,029,181 | ---- | M] () -- C:\Users\Delwork\Desktop\Holtus.odt
[2013.03.20 15:26:39 | 000,066,727 | ---- | M] () -- C:\Users\Delwork\Desktop\A_Holtus_Mandat_pdf.pdf
[2013.03.20 14:08:13 | 000,005,433 | ---- | M] () -- C:\Users\Delwork\Desktop\Vodka 1.jpg
[2013.03.15 09:29:06 | 000,002,605 | ---- | M] () -- C:\Users\Delwork\Desktop\Microsoft Word.lnk
[2013.03.12 21:44:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 21:44:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.12 10:44:46 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.12 10:25:27 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 10:25:26 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 10:25:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 10:25:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.07 14:57:15 | 000,990,638 | ---- | M] () -- C:\Users\Delwork\Documents\Olaf Schwarting_Bewerbung_Projekt_QM.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.23 20:55:59 | 000,000,170 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.23 20:54:13 | 000,609,993 | ---- | C] () -- C:\Users\Delwork\Desktop\adwcleaner.exe
[2013.03.21 17:13:02 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2013.03.21 16:11:30 | 000,001,142 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2013.03.21 13:47:26 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk
[2013.03.21 13:47:23 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2013.03.21 13:47:22 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2013.03.21 13:47:22 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2013.03.21 13:47:22 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2013.03.21 13:47:22 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2013.03.20 15:24:56 | 000,066,727 | ---- | C] () -- C:\Users\Delwork\Desktop\A_Holtus_Mandat_pdf.pdf
[2013.03.20 15:24:38 | 000,029,181 | ---- | C] () -- C:\Users\Delwork\Desktop\Holtus.odt
[2013.03.20 14:08:37 | 000,005,433 | ---- | C] () -- C:\Users\Delwork\Desktop\Vodka 1.jpg
[2013.03.12 10:44:46 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.07 14:57:07 | 000,990,638 | ---- | C] () -- C:\Users\Delwork\Documents\Olaf Schwarting_Bewerbung_Projekt_QM.pdf
[2013.02.27 19:48:07 | 000,002,605 | ---- | C] () -- C:\Users\Delwork\Desktop\Microsoft Word.lnk
[2012.11.08 16:39:00 | 000,014,087 | ---- | C] () -- C:\Users\Delwork\Überprüfungsantrag Arbeitsamt.pdf
[2012.07.29 16:52:38 | 000,241,383 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.01.12 21:14:35 | 000,000,095 | ---- | C] () -- C:\Users\Delwork\AppData\Local\fusioncache.dat
[2010.11.05 17:21:10 | 000,229,712 | ---- | C] () -- C:\Users\Delwork\EndPlan 3 VL Herren halle 2010.pdf
[2010.04.05 12:43:27 | 000,018,259 | ---- | C] () -- C:\Users\Delwork\Elster 1 Quartal 2010.elfo
[2009.09.22 12:31:45 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\ewogxph.bat
[2009.09.20 16:28:13 | 000,000,091 | ---- | C] () -- C:\Users\Delwork\AppData\Local\hclfab.bat
[2009.09.08 12:08:14 | 000,000,090 | ---- | C] () -- C:\Users\Delwork\AppData\Local\ohoxh.bat
[2009.08.29 16:43:05 | 000,000,093 | ---- | C] () -- C:\Users\Delwork\AppData\Local\edsqigwv.bat
[2009.08.18 20:43:00 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\kawlbea.bat
[2009.07.27 15:18:52 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\wywymii.bat
[2009.07.18 17:26:20 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\cuaueaw.bat
[2009.07.16 17:25:43 | 000,000,090 | ---- | C] () -- C:\Users\Delwork\AppData\Local\saoyc.bat
[2009.07.14 17:24:48 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\egaiyyi.bat
[2009.01.23 22:47:34 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.12.30 19:37:38 | 000,000,680 | ---- | C] () -- C:\Users\Delwork\AppData\Local\d3d9caps.dat
[2008.12.30 15:59:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.31 20:12:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.05.18 17:41:35 | 000,000,016 | -H-- | C] () -- C:\Users\Delwork\AppData\Local\mxfilerelatedcache.mxc2
[2008.05.18 17:41:34 | 000,000,016 | -H-- | C] () -- C:\Users\Delwork\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.05.18 17:41:32 | 000,000,016 | -H-- | C] () -- C:\Users\Delwork\mxfilerelatedcache.mxc2
[2007.10.24 16:46:02 | 000,083,968 | ---- | C] () -- C:\Users\Delwork\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

THX a lot

Gruß DEL 66

..... habe soeben festgestellt, dass nur 455 MB in Partition C frei sind und Partition D
noch immer vorhanden ist ..... LOL... was mit Sicherheit zum Verhalten des Rechners beiträgt.

aber eins nach dem anderen.

aharonov · 23.03.2013, 22:24

Hallo,

Zitat:

Drive C: | 50,44 Gb Total Space | 0,57 Gb Free Space | 1,13% Space Free | Partition Type: NTFS

Das ist natürlich wirklich nicht ideal.. Da würd ich dringen Platz schaffen.

Schritt 1

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Combofix
Log von OTL

DEL66 · 24.03.2013, 12:19

Hallo,

ComboFix durchlaufen lassen.

Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-03-23.01 - Delwork 24.03.2013  11:31:31.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2038.1101 [GMT 1:00]
ausgeführt von:: c:\users\Delwork\Pictures\ooooo\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Delwork\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Delwork\Favorites\mxfilerelatedcache.mxc2
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\rnaph.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-24 bis 2013-03-24  ))))))))))))))))))))))))))))))
.
.
2013-03-24 10:56 . 2013-03-24 11:01	--------	d-----w-	c:\users\Delwork\AppData\Local\temp
2013-03-24 10:56 . 2013-03-24 10:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-23 19:55 . 2013-03-23 19:56	170	----a-w-	c:\windows\DeleteOnReboot.bat
2013-03-22 07:58 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{991ED4B7-26C0-4DDC-AA9F-E4D279975D05}\mpengine.dll
2013-03-21 15:40 . 2013-03-21 15:40	--------	d-----w-	C:\Local Disk E_32120131613
2013-03-21 12:47 . 2011-07-29 12:54	19840	----a-w-	c:\windows\system32\EuEpmGdi.dll
2013-03-21 12:47 . 2012-12-21 16:20	2468520	----a-w-	c:\windows\system32\BootMan.exe
2013-03-21 12:47 . 2012-12-21 12:54	14920	----a-w-	c:\windows\system32\epmntdrv.sys
2013-03-21 12:47 . 2012-12-21 12:53	9160	----a-w-	c:\windows\system32\EuGdiDrv.sys
2013-03-21 12:47 . 2012-12-21 12:53	87112	----a-w-	c:\windows\system32\setupempdrv03.exe
2013-03-21 12:47 . 2013-03-21 12:47	--------	d-----w-	c:\program files\EaseUS
2013-03-21 08:31 . 2013-02-12 01:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-14 08:31 . 2013-02-02 03:23	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-03-14 08:31 . 2013-02-02 04:19	149552	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-03-14 08:31 . 2013-02-02 03:26	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-03-14 08:31 . 2013-02-02 03:27	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-03-12 09:50 . 2013-03-12 09:50	--------	d-----w-	c:\users\Delwork\AppData\Roaming\Avira
2013-03-12 09:44 . 2013-03-12 09:25	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-12 09:44 . 2013-03-12 09:25	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-12 09:44 . 2013-03-12 09:25	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-12 09:44 . 2013-03-12 09:44	--------	d-----w-	c:\programdata\Avira
2013-03-12 09:44 . 2013-03-12 09:44	--------	d-----w-	c:\program files\Avira
2013-02-22 21:26 . 2013-03-23 19:55	--------	d-----w-	c:\programdata\GinyasBrowserCompanion
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 20:44 . 2012-04-27 21:01	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:44 . 2012-04-27 21:01	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2009-10-03 00:11	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:26 . 2013-02-13 17:34	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-13 17:34	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-13 17:35	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-13 17:35	2048512	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"NDSTray.exe"="NDSTray.exe" [BU]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"PDFPrint"="c:\program files\pdf24\PDFBackend.exe" [2009-09-25 206992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-12 385248]
"EaseUS EPM tray"="c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-08 22:56	295856	----a-w-	c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 15:02	563984	----a-w-	c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 15:06	2027792	----a-w-	c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 14:45	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24	581632	----a-w-	c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 13:13	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 20:44]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-05 17:57]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-05 17:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Delwork\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: emule.com\www
Trusted Zone: emule.de
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-FRITZ!protect - FwebProt.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Desktop SMS - c:\program files\IDM\Desktop SMS\DesktopSMS.exe
AddRemove-Ashampoo Burning Studio 2010_is1 - e:\ashampoo burning studio 2010\unins000.exe
AddRemove-CCleaner - e:\ccleaner\uninst.exe
AddRemove-ElsterFormular 11.2.0.4074 - c:\program files\ElsterFormular\uninstall.exe
AddRemove-eMule - e:\program files\eMule\Uninstall.exe
AddRemove-Firebird SQL Server D - c:\program files\MAGIX\Common\Database\uninstall.exe
AddRemove-Kalender-Excel-8.7.1_is1 - c:\users\Delwork\Documents\Kalender-Excel-8.7.1\unins000.exe
AddRemove-KaraFun_is1 - e:\karafun\unins000.exe
AddRemove-MAGIX Digital Foto Maker SE D - c:\program files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
AddRemove-MAGIX Foto Suite D - c:\program files\MAGIX\Foto_Suite\instslct.exe
AddRemove-MAGIX music maker 2003 - c:\magix\mm2003\unwise.exe
AddRemove-MAGIX Online Druck Service D - c:\program files\MAGIX\Online_Druck_Service\instslct.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - e:\malwarebytes' anti-malware\unins000.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
AddRemove-WinCleanerMemOptimizer_is1 - e:\wincleaner memory optimizer\unins000.exe
AddRemove-{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1 - e:\smartpcfixer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-24 12:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(11740)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-24  12:08:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-24 11:07
.
Vor Suchlauf: 314.339.328 Bytes frei
Nach Suchlauf: 383.504.384 Bytes frei
.
- - End Of File - - 9BD8B1617FA7E769D5658811C3519265

--- --- ---

aharonov · 24.03.2013, 13:44

Hallo,

fehlt nur noch das frische OTL-Log und dann geht's weiter.

DEL66 · 24.03.2013, 15:54

Hallo,

frische OTL-Log:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.03.2013 15:34:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Delwork\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,79% Memory free
4,21 Gb Paging File | 3,02 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,44 Gb Total Space | 0,53 Gb Free Space | 1,06% Space Free | Partition Type: NTFS
Drive D: | 22,62 Gb Total Space | 18,56 Gb Free Space | 82,05% Space Free | Partition Type: NTFS
 
Computer Name: DELWORK-PC | User Name: Delwork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.23 21:07:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Delwork\Desktop\OTL.exe
PRC - [2013.03.12 21:44:30 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013.03.12 10:23:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.12 10:20:24 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.12 10:20:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.12 10:20:03 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.11.29 10:32:16 | 002,086,984 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Programme\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
PRC - [2009.09.25 09:12:36 | 000,206,992 | ---- | M] () -- C:\Programme\pdf24\PDFBackend.exe
PRC - [2009.07.28 15:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2007.07.26 15:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.07.25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe
PRC - [2007.07.25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007.07.25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007.07.20 19:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007.07.06 10:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.19 14:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.04.24 15:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2007.03.22 16:09:28 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2007.02.08 23:53:50 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.02.08 23:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Programme\ATK Hotkey\ASLDRSrv.exe
PRC - [2006.11.14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.25 09:12:36 | 000,206,992 | ---- | M] () -- C:\Programme\pdf24\PDFBackend.exe
MOD - [2007.07.25 16:13:54 | 000,098,064 | ---- | M] () -- C:\Programme\Logitech\QuickCam\LAppRes.DLL
MOD - [2007.07.25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe
MOD - [2007.07.25 16:04:38 | 000,149,264 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2007.07.25 16:04:14 | 000,165,136 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2007.07.25 16:04:02 | 000,138,000 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2007.07.25 16:03:18 | 000,167,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\EFVal.dll
MOD - [2007.07.25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2007.07.25 16:02:54 | 000,343,312 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2007.07.20 00:39:16 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2013.03.12 21:44:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.12 10:23:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.12 10:20:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.28 15:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.26 15:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.07.20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.11.14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.12 10:25:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.03.12 10:25:26 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.12 10:25:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.12 10:25:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.12.21 13:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2012.12.21 13:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.09.10 14:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.26 15:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.07.20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.07.20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.07.19 01:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.19 01:39:15 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007.07.18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.07.13 15:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.06.01 12:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.12.14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Delwork\Pictures\ooooo
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{4BDA9295-5B28-4567-929D-8F1F7442AD27}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.29 17:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.29 17:05:47 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Mail = C:\Users\Delwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.03.24 11:57:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Programme\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\PDFBackend.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-268639378-705954818-2566428265-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Delwork\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Domains: emule.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Domains: emule.de ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418269F0-6CC9-4388-928E-B34822DAD499}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.24 12:08:04 | 000,000,000 | ---D | C] -- C:\Users\Delwork\AppData\Local\temp
[2013.03.24 12:00:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.03.24 11:28:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.24 11:28:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.24 11:28:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.24 11:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.24 11:26:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.23 21:07:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Delwork\Desktop\OTL.exe
[2013.03.21 16:40:18 | 000,000,000 | ---D | C] -- C:\Local Disk E_32120131613
[2013.03.21 13:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition
[2013.03.21 13:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2013.03.21 12:13:03 | 000,000,000 | ---D | C] -- C:\Users\Delwork\Desktop\Maleware Log
[2013.03.21 09:31:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.20 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\Delwork\Videos
[2013.03.14 09:31:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 09:31:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 09:30:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 09:30:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 09:30:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 09:30:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 09:30:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 09:30:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.12 10:50:31 | 000,000,000 | ---D | C] -- C:\Users\Delwork\AppData\Roaming\Avira
[2013.03.12 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.12 10:44:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 10:44:37 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 10:44:37 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.12 10:44:37 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 10:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.12 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.22 22:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanion
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.24 15:13:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.24 14:48:52 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 14:48:48 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 14:48:19 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.24 14:47:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 11:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.24 11:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.23 21:07:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Delwork\Desktop\OTL.exe
[2013.03.23 20:56:55 | 000,000,170 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.23 20:54:27 | 000,609,993 | ---- | M] () -- C:\Users\Delwork\Desktop\adwcleaner.exe
[2013.03.21 17:13:02 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2013.03.21 16:13:20 | 000,001,142 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2013.03.21 14:12:15 | 000,083,968 | ---- | M] () -- C:\Users\Delwork\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.21 13:47:26 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk
[2013.03.21 13:27:56 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.21 13:27:56 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.21 13:27:56 | 000,131,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.21 13:27:56 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.20 15:26:46 | 000,029,181 | ---- | M] () -- C:\Users\Delwork\Desktop\Holtus.odt
[2013.03.20 15:26:39 | 000,066,727 | ---- | M] () -- C:\Users\Delwork\Desktop\A_Holtus_Mandat_pdf.pdf
[2013.03.20 14:08:13 | 000,005,433 | ---- | M] () -- C:\Users\Delwork\Desktop\Vodka 1.jpg
[2013.03.15 09:29:06 | 000,002,605 | ---- | M] () -- C:\Users\Delwork\Desktop\Microsoft Word.lnk
[2013.03.12 21:44:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 21:44:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.12 10:44:46 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.12 10:25:27 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.12 10:25:26 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.12 10:25:24 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.12 10:25:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.07 14:57:15 | 000,990,638 | ---- | M] () -- C:\Users\Delwork\Documents\Olaf Schwarting_Bewerbung_Projekt_QM.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.24 11:28:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.24 11:28:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.24 11:28:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.24 11:28:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.24 11:28:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.23 20:55:59 | 000,000,170 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.23 20:54:13 | 000,609,993 | ---- | C] () -- C:\Users\Delwork\Desktop\adwcleaner.exe
[2013.03.21 17:13:02 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2013.03.21 16:11:30 | 000,001,142 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2013.03.21 13:47:26 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk
[2013.03.21 13:47:23 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2013.03.21 13:47:22 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2013.03.21 13:47:22 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2013.03.21 13:47:22 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2013.03.21 13:47:22 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2013.03.20 15:24:56 | 000,066,727 | ---- | C] () -- C:\Users\Delwork\Desktop\A_Holtus_Mandat_pdf.pdf
[2013.03.20 15:24:38 | 000,029,181 | ---- | C] () -- C:\Users\Delwork\Desktop\Holtus.odt
[2013.03.20 14:08:37 | 000,005,433 | ---- | C] () -- C:\Users\Delwork\Desktop\Vodka 1.jpg
[2013.03.12 10:44:46 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.07 14:57:07 | 000,990,638 | ---- | C] () -- C:\Users\Delwork\Documents\Olaf Schwarting_Bewerbung_Projekt_QM.pdf
[2013.02.27 19:48:07 | 000,002,605 | ---- | C] () -- C:\Users\Delwork\Desktop\Microsoft Word.lnk
[2012.11.08 16:39:00 | 000,014,087 | ---- | C] () -- C:\Users\Delwork\Überprüfungsantrag Arbeitsamt.pdf
[2012.07.29 16:52:38 | 000,241,383 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.01.12 21:14:35 | 000,000,095 | ---- | C] () -- C:\Users\Delwork\AppData\Local\fusioncache.dat
[2010.11.05 17:21:10 | 000,229,712 | ---- | C] () -- C:\Users\Delwork\EndPlan 3 VL Herren halle 2010.pdf
[2010.04.05 12:43:27 | 000,018,259 | ---- | C] () -- C:\Users\Delwork\Elster 1 Quartal 2010.elfo
[2009.09.22 12:31:45 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\ewogxph.bat
[2009.09.20 16:28:13 | 000,000,091 | ---- | C] () -- C:\Users\Delwork\AppData\Local\hclfab.bat
[2009.09.08 12:08:14 | 000,000,090 | ---- | C] () -- C:\Users\Delwork\AppData\Local\ohoxh.bat
[2009.08.29 16:43:05 | 000,000,093 | ---- | C] () -- C:\Users\Delwork\AppData\Local\edsqigwv.bat
[2009.08.18 20:43:00 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\kawlbea.bat
[2009.07.27 15:18:52 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\wywymii.bat
[2009.07.18 17:26:20 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\cuaueaw.bat
[2009.07.16 17:25:43 | 000,000,090 | ---- | C] () -- C:\Users\Delwork\AppData\Local\saoyc.bat
[2009.07.14 17:24:48 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\egaiyyi.bat
[2009.01.23 22:47:34 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.12.30 19:37:38 | 000,000,680 | ---- | C] () -- C:\Users\Delwork\AppData\Local\d3d9caps.dat
[2008.12.30 15:59:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.31 20:12:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.05.18 17:41:35 | 000,000,016 | -H-- | C] () -- C:\Users\Delwork\AppData\Local\mxfilerelatedcache.mxc2
[2008.05.18 17:41:34 | 000,000,016 | -H-- | C] () -- C:\Users\Delwork\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.05.18 17:41:32 | 000,000,016 | -H-- | C] () -- C:\Users\Delwork\mxfilerelatedcache.mxc2
[2007.10.24 16:46:02 | 000,083,968 | ---- | C] () -- C:\Users\Delwork\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

_________
___________
______________

Extra:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.03.2013 15:34:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Delwork\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,79% Memory free
4,21 Gb Paging File | 3,02 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,44 Gb Total Space | 0,53 Gb Free Space | 1,06% Space Free | Partition Type: NTFS
Drive D: | 22,62 Gb Total Space | 18,56 Gb Free Space | 82,05% Space Free | Partition Type: NTFS
 
Computer Name: DELWORK-PC | User Name: Delwork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026477FD-9344-4C89-84AC-C159E2C746C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11F03507-219E-45DA-A954-E45DFDEB4C32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19932BE9-4B05-45D7-A3AB-8DF24214A6A3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{21254FF2-EF1E-4C37-99E4-5055F8A6E4DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{22E9D63B-0062-410B-8864-540FBD46E851}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2404FC67-90F8-4819-997B-4086DCB634FB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{276B6B82-01D8-41BF-9C46-BA192F326930}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2879184D-A773-4881-8C55-1E83C622FD2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{2945AC66-1809-4E98-998D-09CA86A6729B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E390DD4-1D69-41AF-A5B7-173CC85C553C}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{3B17F46A-3218-4A58-B422-69B3862D7A51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{437E97C4-76E8-43CF-ADE1-B9C9B1B42795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4B0E5D57-355C-4002-9A41-F8087F18DB68}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{597CB49B-3AEB-41E9-AFBC-1CE5B1C52986}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AD04576-4AEC-408C-85C5-50837C07B53E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{5C9CB5DB-B948-48C8-93C3-00A712F4CFD4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{600FE90A-0805-4D3D-A60A-D2E2BB97C391}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60FADAD0-39ED-4C8A-B43E-9B6E53CC9BE8}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{63C3284F-6142-4B79-9F79-689BB05DBB00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71B11307-881C-4685-8628-8AE9833AA5B4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{740BDAB6-765E-4DED-B08E-83D918EA546B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7B64C758-EBF3-4B50-8B2A-D78736CC2581}" = lport=443 | protocol=6 | dir=in | name=http-port | 
"{7F0CBF08-2B83-4038-B776-14E6C04D2BA9}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{939CD7CE-CB55-4EF4-AF76-DBE333F45FD2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A43DBE10-8105-4D4F-9539-38610004F11E}" = lport=37335 | protocol=17 | dir=in | name=udp | 
"{B4603665-3460-462C-9950-AF0402EC87C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BB1DA139-75FD-4835-94F8-298A7ADB50E2}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{BBCC1BF4-A4EF-48BC-B75C-14C8AA7DA701}" = lport=59185 | protocol=6 | dir=in | name=tcp | 
"{CFE1B2C2-E194-4945-A74F-2FA4E8E68391}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{D529253A-4F5D-4D79-8069-52A45DA22B77}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{D9BDF8BA-18A7-47DB-A3E5-E52014895B4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E1D335E5-F827-4FAE-BFFC-CAD9DE9A0CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E6FB9A84-2422-429C-8E1C-8FC516DA9469}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EBA02E0D-3B9F-481D-9CA5-D601E1AFDCFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF1B7836-3266-4902-AF01-A3C719EF8767}" = lport=139 | protocol=6 | dir=in | app=system | 
"TCP Query User{62AD041F-EDBD-485A-B7F4-13620B8B19D9}E:\program files\emule\emule.exe" = lport=4662 | protocol=6 | dir=in | app=e:\program files\emule\emule.exe | 
"UDP Query User{CEFAAE0B-60FA-41A7-8FB4-46482A5EBDED}E:\program files\emule\emule.exe" = lport=4672 | protocol=17 | dir=in | app=e:\program files\emule\emule.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058EF04D-383E-4815-A3CE-085A525CAB4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{096C59CF-3ACB-4AB6-A6E3-6DF2C5AC0641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11BA1B7E-7392-4384-BBDB-460A236949D6}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{193AC303-8716-45EA-8A30-892C32FF1054}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BB1EEF2-8E74-46E6-9D33-5541C14B6E7A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1F1D51BA-B821-4244-AFDA-6C91CC2C8647}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{1FA946BE-0D64-4168-98F6-23C2216CB8B5}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{21171E2A-BF96-44A4-B2C8-89A5B46764DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{21D0092A-1DC3-447B-95DD-F8EB714A7224}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{387619AE-0526-40D2-9BEF-DF89B7F84903}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39CE5047-A593-457D-87DA-4746979D131D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3F1A74DF-CF51-48F2-8151-2617582C6914}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{40F3E32D-6431-447D-806E-35B9A4DB9AEB}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{4158215C-D84A-494E-9CCA-224448AAABFD}" = protocol=6 | dir=in | app=c:\program files\elsterformular\2008-2009\elfostarter2008.exe | 
"{457495CB-90CD-4B04-A736-D9C01BA1A11A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{4688955A-D169-447F-9FA8-D17967E4E975}" = dir=in | app=f:\setup\hpznui01.exe | 
"{4D0914D6-CCF3-4A16-98DF-1CA81F081DAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{4D608DD1-814C-4A1E-8E74-95801968247C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{4D8AFB82-0E8A-4ED8-9AAA-814A3C95E5DC}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{50A5F723-BD94-4071-B392-C8CF8CF0F9E9}" = protocol=6 | dir=out | app=system | 
"{5E8ECF47-34C6-4DD5-ABA8-F5C9FD31A7F2}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{62D35404-0125-476B-A970-58D94F6D3AC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{6FE810B2-716D-45C5-93F1-026266F63323}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{7601928C-9AAC-4D97-B86E-8DC714ED7851}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{7FD349D6-22A2-4C19-82BF-D7133615252D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{80E3A903-CDD0-43FE-BED4-D67301BC6967}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{8619D524-1D0A-4C2E-B9EB-940F5EFBCC8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{86A78A9C-B8AE-4FB8-ACEE-C22639B28719}" = protocol=17 | dir=in | app=c:\program files\elsterformular\2008-2009\elfostarter2008.exe | 
"{8B392676-557C-4AB1-AC63-26ACEA7031EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8B72F124-9815-49DF-9DD7-3E1CF16AD121}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{8E1CB0B1-A72B-4B9B-80C4-B0BD2F68713F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{9028FBBC-3D44-4248-B9A9-90303E4334A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{913F60E5-3D8C-4446-9A2D-E28D4A5CBC40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{94C1ECDF-832D-4ECA-B496-776B031F5BEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{95BDFAFD-73C1-495F-AE68-078D7D0CEF61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{9B9EAFC2-E9EB-4D49-8A7D-EC2BE5018240}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{A0167C8D-0F5A-415B-B735-30B837F25BDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0C0D82F-926F-4832-BA2C-85D1B19D5766}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0D8B9EB-E40A-4095-8DC0-B95E25D9920D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{A5570419-E1DF-429D-AC9C-8C115ADD18A5}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{A5A08149-57A9-4024-941A-F646D77D19A5}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{C096E889-0072-403C-B3B2-044E11B3FA58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C5FC1F58-2DA2-4806-A5AE-A74745EF61E3}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{C9FB0624-525A-4B98-B491-0D9E097ED19F}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{D208AD64-01D1-46C2-A0E4-BC6922081448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D637C40E-A666-4597-9394-37A67655E58D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{D810A035-F54A-4708-8B64-0213577F9D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DCB11CDF-10E2-4315-ABBF-9A255A344F7C}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{DE2B56E2-5C9C-4C52-9D4B-2ACB992AF02A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B197AE-359A-40A0-AEE6-C90DCAB56801}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{E7DCF390-17BE-4669-B25B-ADA7EBF419CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{F3C9250D-0DB7-4DA8-96BF-F86A14A86BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B10461-5146-41C0-903F-43049FB59C75}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7E1F270-0984-4531-A1E4-224D3347B557}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{F96EFEFB-B195-401E-9B65-AB442D8D6053}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"TCP Query User{08B067F6-2A72-424D-A244-1373C38F0840}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"TCP Query User{53D99B72-9949-4C98-8B0A-303695B08AFA}C:\program files\radioripper\radioripper.exe" = protocol=6 | dir=in | app=c:\program files\radioripper\radioripper.exe | 
"TCP Query User{8984D283-6767-4649-83C4-CFC91DF376B7}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"TCP Query User{914EFA76-1314-4CB0-8822-2695A8CC38E7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{A8379F35-1EF0-431F-94AC-C26640B48D94}E:\emule software\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule software\emule\emule.exe | 
"TCP Query User{DEF5F729-E5A2-4A67-90C8-FF760BD7CF19}E:\program files\emule\emule.exe" = protocol=6 | dir=in | app=e:\program files\emule\emule.exe | 
"TCP Query User{EC54D089-A714-4DCD-A63C-C0F9FFD89F01}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{21230279-23AB-41FC-8BDB-DD33D9C58213}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"UDP Query User{47A1AB8B-6E69-4E23-B908-BB1F4040950A}C:\program files\radioripper\radioripper.exe" = protocol=17 | dir=in | app=c:\program files\radioripper\radioripper.exe | 
"UDP Query User{4EB92364-1076-475B-AA7D-E77E3F83C1C9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{90BC6965-53DF-466A-B10E-82E660B5B1E1}E:\emule software\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule software\emule\emule.exe | 
"UDP Query User{BA330DBE-D993-4016-BE25-B3CE63A2A3C9}E:\cryptload\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=e:\cryptload\cryptload1.1.8\routerclient.exe | 
"UDP Query User{CEA2B600-29A9-4944-8E1F-1AE15973302D}E:\program files\emule\emule.exe" = protocol=17 | dir=in | app=e:\program files\emule\emule.exe | 
"UDP Query User{D39948DD-95B3-4C09-907E-AEF8BCFC38F2}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22AE56FC-D99B-4A65-A4EE-4FD9DF1415E9}" = MP3Find pro v4.93
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EAF092E3-6B95-41E8-B468-94B85DAD8603}" = eDocPrinter PDF Pro Ver 6.38 
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CodInstl" = Intel A/V Codecs V2.0
"doPDF 5  printer_is1" = doPDF 5.2  printer
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition
"egaiyyi" = Favorit
"EWE TEL-DSL" = EWE TEL-DSL-Installationsdateien entfernen
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.18.1005
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"PDF Converter_is1" = PDF Converter 3.0
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"QcDrv" = Logitech® Camera-Treiber
"SQIEK" = SQIEK - Version 1.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinImage" = WinImage
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-268639378-705954818-2566428265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RadioRipper" = RadioRipper 1.1d BETA5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 13:35:33 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 10ac  Anfangszeit: 01cda31fc3832d40  Zeitpunkt
 der Beendigung: 16
 
Error - 05.10.2012 13:55:59 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 430  Anfangszeit: 01cda321e7cb02d6  Zeitpunkt
 der Beendigung: 19
 
Error - 12.10.2012 07:54:36 | Computer Name = Delwork-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LVPrcSrv.exe, Version 11.1.0.2021, Zeitstempel
 0x46a05f1a, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xd1c, Anwendungsstartzeit
 01cda870587bed72.
 
Error - 19.10.2012 11:34:23 | Computer Name = Delwork-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.10.2012 13:06:30 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 6e0  Anfangszeit: 01cdadc848afcd37  Zeitpunkt
 der Beendigung: 112
 
Error - 22.10.2012 17:36:16 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 112c  Anfangszeit: 01cdb09d2202e71a  Zeitpunkt
 der Beendigung: 29
 
Error - 22.10.2012 17:42:24 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 474  Anfangszeit: 01cdb09dcff4525a  Zeitpunkt
 der Beendigung: 7
 
Error - 22.10.2012 17:43:06 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ab8  Anfangszeit: 01cdb09e1faa5baa  Zeitpunkt
 der Beendigung: 8
 
Error - 30.10.2012 04:27:45 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 2610  Anfangszeit: 01cdb6745bc9b620  Zeitpunkt
 der Beendigung: 35
 
Error - 30.10.2012 04:28:34 | Computer Name = Delwork-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 279c  Anfangszeit: 01cdb67870127140  Zeitpunkt
 der Beendigung: 85
 
[ System Events ]
Error - 24.03.2013 07:26:27 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2013 07:26:27 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2013 07:26:27 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2013 09:47:58 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker LexmarkFax nicht unter dem Namen
 LexmarkFax freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern
 im Netzwerk verwendet werden.
 
Error - 24.03.2013 09:47:58 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark 1200 Series nicht unter
 dem Namen Lexmark 1200 Series freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 24.03.2013 09:47:58 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker eDocPrinter PDF Pro nicht unter
 dem Namen eDocPrinter PDF Pro freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 24.03.2013 09:47:58 | Computer Name = Delwork-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Drag2PDF nicht unter dem Namen
 Drag2PDF freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern 
im Netzwerk verwendet werden.
 
Error - 24.03.2013 09:49:20 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2013 09:49:20 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2013 09:49:20 | Computer Name = Delwork-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

aharonov · 24.03.2013, 16:07

Hallo,

ist das ursprüngliche Problem verschwunden oder noch immer da?

DEL66 · 24.03.2013, 22:33

Hallo,

zu später Stunde:

das negative Internetverhalten ist komplett verschwunden.
Keine DoubleKlick-Banner
Netz läuft für einen Vista-Rechner mit 2 GB RAM wieder gut.
Er findet jetzt auch die Startseite ohne Probleme.

Fazit:
-Bin sehr dankbar über die Hilfe
-sehr gut nachvollziehbar
-vielen Dank.

**** Jetzt muss ich nur noch meine C&D Partitionen richtig zusammenfügen,
denn das hat mit EaseUS-Partitionsmanager nicht geklappt.
.... aber dazu werde ich ein neues "Thema" starten.

Grüße aus Delmenhorst

aharonov · 24.03.2013, 22:56

Hallo,

das tönt ja schon mal gut, aber wir sind noch nicht fertig!
Wir müssen noch eine Kontrolle machen und dein System etwas absichern:

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:OTL
[2009.09.22 12:31:45 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\ewogxph.bat
[2009.09.20 16:28:13 | 000,000,091 | ---- | C] () -- C:\Users\Delwork\AppData\Local\hclfab.bat
[2009.09.08 12:08:14 | 000,000,090 | ---- | C] () -- C:\Users\Delwork\AppData\Local\ohoxh.bat
[2009.08.29 16:43:05 | 000,000,093 | ---- | C] () -- C:\Users\Delwork\AppData\Local\edsqigwv.bat
[2009.08.18 20:43:00 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\kawlbea.bat
[2009.07.27 15:18:52 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\wywymii.bat
[2009.07.18 17:26:20 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\cuaueaw.bat
[2009.07.16 17:25:43 | 000,000,090 | ---- | C] () -- C:\Users\Delwork\AppData\Local\saoyc.bat
[2009.07.14 17:24:48 | 000,000,092 | ---- | C] () -- C:\Users\Delwork\AppData\Local\egaiyyi.bat
IE - HKU\S-1-5-21-268639378-705954818-2566428265-1000\..\SearchScopes\{4BDA9295-5B28-4567-929D-8F1F7442AD27}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Downloade dir bitte Malwarebytes Anti-Malware .

Installiere das Programm in den vorgegebenen Pfad.
Starte nun Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 4

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

aharonov · 28.03.2013, 01:03

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

aharonov · 30.03.2013, 01:01

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

24.03.2013, 13:44	#6
aharonov /// TB-Ausbilder	Meldung: tcbhn wurde beendet und geschlossen Hallo, fehlt nur noch das frische OTL-Log und dann geht's weiter. __________________ --> Meldung: tcbhn wurde beendet und geschlossen

24.03.2013, 16:07	#8
aharonov /// TB-Ausbilder	Meldung: tcbhn wurde beendet und geschlossen Hallo, ist das ursprüngliche Problem verschwunden oder noch immer da? __________________ cheers, Leo

Meldung: tcbhn wurde beendet und geschlossen

Plagegeister aller Art und deren Bekämpfung: Meldung: tcbhn wurde beendet und geschlossen