Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner lässt sich nicht entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.07.2013, 18:13   #1
Sauber2013
 
GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Hallo, habe den GVU Trojaner auf dem Rechner. Eines von 2 Nutzerkonten lässt sich aber Gott sei Dank normal hochfahren und nutzen; beim anderen Nutzerkonto kommt nach dem Booten der "Sperrbildschirm".
Wer kann mir eine Anleitung für die Bereinigung geben? Habe mich schon 1,5 Tage im Internet nach Möglichkeiten umgesehen, aber nichts gefunden. Spybot hilft nicht, Antivir auch nicht. Bin nicht Fachmann genug für das Ganze...
HIer die Logfiles von Farbar (FRST + ADDITION, OTL, EXTRAS, GMER




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by cr (administrator) on 25-07-2013 15:25:52
Running from C:\Dokumente und Einstellungen\cr\Eigene Dateien
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Programme\Analog Devices\SoundMAX\SMTray.exe [98304 2002-11-09] (Analog Devices, Inc.)
HKLM\...\Run: [Mouse Suite 98 Daemon] - ICO.EXE [x]
HKLM\...\Run: [AVMWlanClient] - C:\Programme\avmwlanstick\wlangui.exe [1794048 2008-09-05] (AVM Berlin)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKU\ncc\...\Run: [ibmmessages] - C:\Programme\IBM\Messages By IBM\ibmmessages.exe [x]
HKU\ncc\...\Run: [MSMSGS] - "C:\Programme\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\ncc.IBM-081AD4FC1A3\...\Run: [] - [x]
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tab2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {67CF1440-7876-41D2-8205-1387F7ADAC0C} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {13311806-A005-4843-835E-2A8090519353} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {21359D4B-C4E3-4E0E-AB0F-332EBD072EA2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {33057AFD-8E31-452F-B2B5-F6329943EB78} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {3F475770-2F59-4FFE-8846-C8BD255DFEAA} URL = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {67CF1440-7876-41D2-8205-1387F7ADAC0C} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKCU - {6904E9C0-2CF0-4383-A406-7FD6DF97ADA3} URL = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
SearchScopes: HKCU - {70C6408D-44EE-4507-B916-32A0F6821F4D} URL = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: WEB.DE Browser Configuration - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - No Name - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
Toolbar: HKCU -WEB.DE Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU -Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/47.13/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla\Firefox\Profiles\vizo16cl.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664 2011-05-25] (Apple Inc.)
R2 AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin)
R2 AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [364544 2008-09-05] (AVM Berlin)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [349472 2011-04-06] (Apple Inc.)
S3 de_serv; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin)
S2 gupdate1c9b6925d592ad8; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-06] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-06] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-12] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [820520 2011-06-07] (Apple Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-06-10] (Mozilla Foundation)
R2 Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [935208 2010-05-18] (Nero AG)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 Radio.fx; C:\Programme\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] ()
R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [718888 2012-01-04] (Nokia)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-21] (Analog Devices, Inc.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [770432 2013-06-27] (Enigma Software Group USA, LLC.)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S2 winmgmt; C:\DOKUME~1\ALLUSE~1\ANWEND~1\b34btbztdb0vavaw.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 AR5523; C:\Windows\System32\DRIVERS\ar5523.sys [285568 2005-02-24] (Atheros Communications, Inc.)
S3 ATHFMWDL; C:\Windows\System32\Drivers\ATHFMWDL.sys [43392 2005-02-24] (Windows (R) 2000 DDK provider)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-08-31] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-14] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\avmcowan.sys [53248 2004-09-16] (AVM GmbH)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2008-09-05] (AVM Berlin)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [59520 2001-10-23] (AVM Berlin)
S3 CBTNDIS5; C:\WINDOWS\system32\CBTNDIS5.SYS [17142 2003-07-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [122368 2003-05-28] (Intel Corporation)
S3 esgiguard; C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 FUS2BASE; C:\Windows\System32\DRIVERS\fus2base.sys [502144 2003-06-18] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2008-09-05] (AVM GmbH)
S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [547968 2004-09-16] (AVM Berlin)
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [91419 2003-07-22] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-08-31] ()
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
R3 odysseyIM4; C:\Windows\System32\DRIVERS\odysseyIM4.sys [173056 2004-09-03] (Funk Software, Inc.)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2007-02-18] (Padus, Inc.)
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-14] (Avira GmbH)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [120062 2003-07-22] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [96858 2003-07-22] (Intel Corporation)
S3 cpuz132; \??\C:\DOKUME~1\NCC~1.IBM\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [x]
U1 d3dswpuj; \??\C:\WINDOWS\system32\drivers\d3dswpuj.sys [x]
S3 NETFRITZ; system32\DRIVERS\NETFRITZ.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 14:51 - 2013-07-25 14:53 - 00033948 _____ C:\Dokumente und Einstellungen\cr\Eigene Dateien\Addition.txt
2013-07-25 14:49 - 2013-07-25 14:49 - 00000000 ____D C:\FRST
2013-07-25 14:48 - 2013-07-25 14:48 - 01220306 _____ (Farbar) C:\Dokumente und Einstellungen\cr\Eigene Dateien\FRST.exe
2013-07-25 09:18 - 2013-07-25 14:30 - 00000636 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-07-25 09:18 - 2013-07-25 09:18 - 00000608 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-07-25 09:18 - 2013-07-25 09:18 - 00000438 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-07-25 09:17 - 2013-07-25 14:24 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-07-25 09:16 - 2013-07-25 09:17 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-07-25 09:16 - 2013-07-25 09:16 - 00001811 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-07-25 09:16 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-07-25 00:49 - 2013-07-25 00:49 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla
2013-07-24 21:12 - 2013-07-24 21:12 - 00001958 _____ C:\Dokumente und Einstellungen\cr\Desktop\SpyHunter.lnk
2013-07-24 21:12 - 2013-07-24 21:12 - 00000000 ____D C:\sh4ldr
2013-07-24 21:12 - 2013-07-24 21:12 - 00000000 ____D C:\Programme\Enigma Software Group
2013-07-24 21:12 - 2013-07-24 21:12 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Startmenü\Programme\SpyHunter
2013-07-24 21:11 - 2013-07-24 21:12 - 00000000 ____D C:\WINDOWS\027B5748C40941FE949B7B81A8304EF4.TMP
2013-07-24 21:11 - 2013-07-24 21:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-07-24 21:04 - 2013-07-24 21:04 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Dokumente und Einstellungen\cr\Eigene Dateien\SpyHunter-Installer.exe
2013-07-24 16:36 - 2013-07-24 16:36 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Avira
2013-07-24 16:28 - 2013-07-24 16:28 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-19 22:14 - 2013-07-19 22:14 - 00477856 _____ (Sourcefire, Inc.) C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\ClamAVSetup.exe
2013-07-14 17:17 - 2013-07-21 23:05 - 00000000 ____D C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\Flyer
2013-07-11 00:18 - 2013-07-11 00:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-11 00:17 - 2013-07-11 00:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-11 00:15 - 2013-07-11 00:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-11 00:14 - 2013-07-11 00:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-06-30 20:25 - 2013-06-30 20:25 - 08240651 _____ C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\Fotos Einweihung klein.zip

==================== One Month Modified Files and Folders =======

2013-07-25 15:26 - 2011-02-11 21:11 - 00000414 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{59864E43-2CF6-4651-8FAF-291DEFA0C1D4}.job
2013-07-25 14:53 - 2013-07-25 14:51 - 00033948 _____ C:\Dokumente und Einstellungen\cr\Eigene Dateien\Addition.txt
2013-07-25 14:49 - 2013-07-25 14:49 - 00000000 ____D C:\FRST
2013-07-25 14:48 - 2013-07-25 14:48 - 01220306 _____ (Farbar) C:\Dokumente und Einstellungen\cr\Eigene Dateien\FRST.exe
2013-07-25 14:35 - 2012-05-12 14:22 - 02005889 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-25 14:30 - 2013-07-25 09:18 - 00000636 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-07-25 14:30 - 1980-01-01 09:00 - 00002500 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-25 14:29 - 2012-09-25 18:01 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-07-25 14:29 - 2012-09-25 18:01 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-25 14:29 - 2010-04-09 13:19 - 00000340 _____ C:\WINDOWS\Tasks\WinMaximizer-ncc-Startup.job
2013-07-25 14:29 - 2003-02-24 18:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-25 14:26 - 2006-06-20 15:02 - 00000300 ___SH C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\ntuser.ini
2013-07-25 14:26 - 2006-06-20 15:02 - 00000000 ____D C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3
2013-07-25 14:24 - 2013-07-25 09:17 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-07-25 14:24 - 2012-09-06 09:30 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-07-25 13:24 - 2012-09-06 09:45 - 00000300 ___SH C:\Dokumente und Einstellungen\cr\ntuser.ini
2013-07-25 13:24 - 2012-09-06 09:45 - 00000000 ____D C:\Dokumente und Einstellungen\cr
2013-07-25 13:24 - 2003-02-24 18:47 - 00032098 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-25 09:18 - 2013-07-25 09:18 - 00000608 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-07-25 09:18 - 2013-07-25 09:18 - 00000438 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-07-25 09:17 - 2013-07-25 09:16 - 00000000 ____D C:\Programme\Spybot - Search & Destroy 2
2013-07-25 09:16 - 2013-07-25 09:16 - 00001811 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-07-25 09:16 - 2009-03-25 12:43 - 00000000 ____D C:\Programme\Spybot - Search & Destroy
2013-07-25 09:16 - 2003-02-24 18:33 - 00000000 ___RD C:\Programme
2013-07-25 09:16 - 2003-02-24 18:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Desktop
2013-07-25 00:49 - 2013-07-25 00:49 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla
2013-07-25 00:05 - 2009-03-25 12:41 - 00000000 ____D C:\Programme\Google
2013-07-25 00:00 - 2009-04-02 10:45 - 00000000 ____D C:\Programme\gs
2013-07-24 23:58 - 2009-06-25 16:46 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-24 21:24 - 2012-09-06 09:45 - 00001610 _____ C:\Dokumente und Einstellungen\cr\Startmenü\Programme\Remoteunterstützung.lnk
2013-07-24 21:12 - 2013-07-24 21:12 - 00001958 _____ C:\Dokumente und Einstellungen\cr\Desktop\SpyHunter.lnk
2013-07-24 21:12 - 2013-07-24 21:12 - 00000000 ____D C:\sh4ldr
2013-07-24 21:12 - 2013-07-24 21:12 - 00000000 ____D C:\Programme\Enigma Software Group
2013-07-24 21:12 - 2013-07-24 21:12 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Startmenü\Programme\SpyHunter
2013-07-24 21:12 - 2013-07-24 21:11 - 00000000 ____D C:\WINDOWS\027B5748C40941FE949B7B81A8304EF4.TMP
2013-07-24 21:12 - 2012-09-06 09:45 - 00000000 ___RD C:\Dokumente und Einstellungen\cr\Startmenü\Programme
2013-07-24 21:12 - 2012-09-06 09:45 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Desktop
2013-07-24 21:11 - 2013-07-24 21:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-07-24 21:04 - 2013-07-24 21:04 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Dokumente und Einstellungen\cr\Eigene Dateien\SpyHunter-Installer.exe
2013-07-24 20:10 - 2010-12-15 01:36 - 00000665 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-07-24 20:10 - 2009-03-25 12:42 - 00000000 ____D C:\Programme\CCleaner
2013-07-24 18:45 - 2011-06-05 15:20 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-07-24 16:36 - 2013-07-24 16:36 - 00000000 ____D C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Avira
2013-07-24 16:36 - 2003-02-24 18:39 - 00000000 ____D C:\WINDOWS\Registration
2013-07-24 16:28 - 2013-07-24 16:28 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-23 22:25 - 2008-11-02 00:24 - 00000000 __SHD C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\UserData
2013-07-22 00:05 - 2008-11-02 00:18 - 00000000 ____D C:\Programme\PDFCreator
2013-07-21 23:05 - 2013-07-14 17:17 - 00000000 ____D C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\Flyer
2013-07-20 23:28 - 2006-06-20 15:02 - 00000000 ____D C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop
2013-07-19 22:14 - 2013-07-19 22:14 - 00477856 _____ (Sourcefire, Inc.) C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\ClamAVSetup.exe
2013-07-19 21:40 - 2003-02-24 18:33 - 01086156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-13 21:23 - 2006-08-23 19:12 - 00002509 _____ C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\Word.lnk
2013-07-12 21:47 - 2009-07-08 17:53 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-12 21:47 - 2009-07-08 17:53 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 21:16 - 2004-09-03 06:30 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-11 20:36 - 2003-02-24 18:32 - 00177856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-11 00:18 - 2013-07-11 00:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-11 00:17 - 2013-07-11 00:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-11 00:15 - 2013-07-11 00:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-11 00:14 - 2013-07-11 00:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-10 23:58 - 2006-06-19 13:24 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-10 23:56 - 2010-04-11 23:22 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-10 23:50 - 2010-04-10 08:42 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-06-30 20:25 - 2013-06-30 20:25 - 08240651 _____ C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Desktop\Fotos Einweihung klein.zip
2013-06-27 23:06 - 2013-06-23 13:28 - 00000444 _____ C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_ncc.job
2013-06-27 23:05 - 2013-06-23 13:28 - 00000438 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_ncc.job
2013-06-27 23:05 - 2013-06-23 13:28 - 00000434 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_ncc.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 14:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e

C:\Windows\System32\winlogon.exe
[2004-08-04 14:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a

C:\Windows\System32\svchost.exe
[2004-08-04 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366

C:\Windows\System32\services.exe
[2004-08-04 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc

C:\Windows\System32\User32.dll
[2004-08-04 14:00] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\Windows\System32\userinit.exe
[2004-08-04 14:00] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 14:00] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== End Of Log ============================


OTL Extras logfile created on: 25.7.2013 17:03:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

1014,98 Mb Total Physical Memory | 518,61 Mb Available Physical Memory | 51,10% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,29% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 125,84 Gb Total Space | 89,39 Gb Free Space | 71,03% Space Free | Partition Type: NTFS

Computer Name: IBM-KDPYR2K | User Name: cr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Support.com\Bin\tgcmd.exe" = C:\Programme\Support.com\Bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher -- (SupportSoft, Inc.)
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\web_de_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\web_de_Update.exe:*:Enabled:WEB.DE Update
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate
"C:\Programme\Tobit Radio.fx\Server\rfx-server.exe" = C:\Programme\Tobit Radio.fx\Server\rfx-server.exe:*:Enabled:Radio.fx Server -- ()
"C:\Programme\Tobit Radio.fx\Client\rfx-client.exe" = C:\Programme\Tobit Radio.fx\Client\rfx-client.exe:*:Enabled:Radio.fx Client -- (Tobit.Software)
"C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OGIU86K2\SweetImSetup[1].exe" = C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OGIU86K2\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabledienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\ncc.IBM-081AD4FC1A3\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Programme\3CXPhone\3CXPhone.exe" = C:\Programme\3CXPhone\3CXPhone.exe:*:Enabled:3CXPhone -- (3CX Ltd)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Durchstarten mit Ponky - Deutsch 3+4"" = "Durchstarten mit Ponky - Deutsch 3+4"
""Durchstarten mit Ponky - Mathe 3+4"" = "Durchstarten mit Ponky - Mathe 3+4"
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{027B5748-C409-41FE-949B-7B81A8304EF4}" = SpyHunter
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0DF8FA4D-299C-4250-9F09-C14E47E12224}" = 3CXPhone
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor für Windows
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2D6BDF3A-6BDB-4169-909F-E882F23AB795}" = Camera Window
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}" = Free TV Radio
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{6041D07D-CBC6-4119-8C35-D95B77AD5FBA}" = InternetExplorer-WEB.DE-Addon
"{627673ff-f4ea-43fd-893d-28fc6176fb2d}" = Gigaset QuickSync
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80380166-A872-4B78-B98A-33447A032BDF}" = ThinkCentre Wallpaper
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8F955718-248F-4E76-8975-768643A3C51C}" = 4Team Safe PST Backup Free Edition
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a2863573-bdc3-47f2-b251-ac8ed0442647}" = Nero 9 Essentials
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Klavier-Schule
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = IBM Cleanup Utility
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"911 Screensaver" = 911 Screensaver 1.0
"Access IBM Tools" = Access IBM Tools
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudioCrusher_is1" = AudioCrusher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = FRITZ!Box
"AVMWLANCLI" = AVM FRITZ!WLAN
"BearShare" = BearShare
"Cayenne Screensaver" = Cayenne Screensaver
"CCleaner" = CCleaner
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ!DSL" = AVM FRITZ!DSL
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2D6BDF3A-6BDB-4169-909F-E882F23AB795}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"IrfanView" = IrfanView (remove only)
"Lillebi" = Lillebi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SimpleScreenshot" = SimpleScreenshot 1.40
"ST5UNST #1" = Kaminfeuer Titanium Edition II
"Support.com" = Support.com Software
"T-Com Konfigurator Eumex 5520PC" = T-Com Konfigurator Eumex 5520PC
"Tobit Radio.fx Server 1" = WDR RadioRecorder
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZipStar 5" = ZipStar 5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.6.2013 13:52:47 | Computer Name = IBM-KDPYR2K | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung setuppending.exe, Version 13.6.0.778, fehlgeschlagenes
Modul msvcr100.dll, Version 10.0.40219.325, Fehleradresse 0x0008d6fd.

Error - 14.6.2013 13:54:39 | Computer Name = IBM-KDPYR2K | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .

Error - 14.6.2013 13:54:39 | Computer Name = IBM-KDPYR2K | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .

Error - 25.7.2013 03:01:05 | Computer Name = IBM-KDPYR2K | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.

[ System Events ]
Error - 25.7.2013 08:49:49 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:50:19 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:50:49 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:51:20 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:51:50 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:52:20 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:52:50 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 08:53:20 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 09:26:22 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 25.7.2013 10:05:58 | Computer Name = IBM-KDPYR2K | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >




OTL logfile created on: 25.7.2013 18:04:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

1014,98 Mb Total Physical Memory | 486,76 Mb Available Physical Memory | 47,96% Memory free
2,39 Gb Paging File | 1,86 Gb Available in Paging File | 77,98% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 125,84 Gb Total Space | 89,39 Gb Free Space | 71,03% Space Free | Partition Type: NTFS

Computer Name: IBM-KDPYR2K | User Name: cr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.25 17:02:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.07.02 07:02:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.02 07:00:24 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.07.02 07:00:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.02 07:00:02 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.19 13:46:36 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.09.05 02:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2003.11.20 23:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003.11.07 04:24:32 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2003.11.07 00:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2002.11.09 00:50:32 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.21 01:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013.06.14 19:46:40 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.08.23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012.04.03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011.12.10 05:00:34 | 001,431,120 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1.dll
MOD - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
MOD - [2011.05.19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Programme\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2003.11.07 00:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\b34btbztdb0vavaw.exe -- (winmgmt)
SRV - File not found [Auto | Stopped] -- C:\Programme\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService)
SRV - [2013.07.02 07:02:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.02 07:00:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.09.19 13:46:36 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.10 21:41:03 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.21 01:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\d3dswpuj.sys -- (d3dswpuj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\NCC~1.IBM\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.06.14 19:47:37 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.06.14 19:47:37 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.06.14 19:47:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.06.14 19:47:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.10.08 14:09:34 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2012.08.31 17:24:55 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.08.31 17:24:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.01.18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2008.09.05 02:01:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.18 14:36:03 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005.02.24 23:38:30 | 000,285,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2005.02.24 08:42:26 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004.09.16 02:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2004.09.16 02:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.09.03 16:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2003.07.16 23:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003.06.18 02:00:00 | 000,502,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fus2base.sys -- (FUS2BASE)
DRV - [2003.02.11 22:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003.01.10 22:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{4FF23BF6-0DAD-4DA3-89AC-E262EEBD7E45}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\.DEFAULT\..\SearchScopes\{61D61887-E8DB-41B1-934B-34D481B79B77}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{9AF15490-41C6-4303-B23A-1F54A60DB581}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{CAC5E3D8-B1CC-4122-BAEC-7B4DA6BC95BD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1

IE - HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ncc\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\ncc.IBM-081AD4FC1A3\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes,DefaultScope = {5A90DDBA-05B8-4689-A5D5-F209DD8B4D62}
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes\{5A90DDBA-05B8-4689-A5D5-F209DD8B4D62}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes\{7405276D-84DD-4e5e-8463-3BB93C706F72}: "URL" = hxxp://go.web.de/suchbox/wikipedia?su={searchTerms}
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes\{96DEA305-33AB-4BFF-A2E3-3D9BD23472E0}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes\{ABD852A8-D67E-48B0-9BBB-8AB1F4129692}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes\{B3A3D87F-EEBF-420e-AB6F-E43415020DF7}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}
IE - HKU\ncc.IBM-081AD4FC1A3\..\SearchScopes\{F4D95905-F2C5-4658-902F-A6ABB8E4FE76}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\ncc.IBM-081AD4FC1A3\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{4FF23BF6-0DAD-4DA3-89AC-E262EEBD7E45}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-18\..\SearchScopes\{61D61887-E8DB-41B1-934B-34D481B79B77}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{9AF15490-41C6-4303-B23A-1F54A60DB581}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{CAC5E3D8-B1CC-4122-BAEC-7B4DA6BC95BD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de [binary data]
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tab2
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes,DefaultScope = {67CF1440-7876-41D2-8205-1387F7ADAC0C}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{13311806-A005-4843-835E-2A8090519353}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{21359D4B-C4E3-4E0E-AB0F-332EBD072EA2}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{33057AFD-8E31-452F-B2B5-F6329943EB78}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{3F475770-2F59-4FFE-8846-C8BD255DFEAA}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{67CF1440-7876-41D2-8205-1387F7ADAC0C}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{6904E9C0-2CF0-4383-A406-7FD6DF97ADA3}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{70C6408D-44EE-4507-B916-32A0F6821F4D}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.26 19:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.22 15:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.26 19:45:31 | 000,000,000 | ---D | M]

[2013.07.25 00:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla\Extensions
[2012.08.24 18:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 21:41:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.03.25 12:50:18 | 000,249,967 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\ncc\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\ncc.IBM-081AD4FC1A3\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\ncc.IBM-081AD4FC1A3\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\ncc.IBM-081AD4FC1A3\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\ncc.IBM-081AD4FC1A3\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKU\ncc.IBM-081AD4FC1A3\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKU\ncc..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe File not found
O4 - HKU\ncc.IBM-081AD4FC1A3..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Default User\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ncc\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ncc.IBM-081AD4FC1A3\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\ncc.IBM-081AD4FC1A3\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\ncc.IBM-081AD4FC1A3\..Trusted Ranges: Range78 ([*] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/47.13/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225578348529 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1 <applet> redirector)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64C4751A-4A3B-4A20-8C8F-1719B00A53ED}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.16 20:17:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.25 14:49:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.25 14:48:32 | 001,220,306 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\FRST.exe
[2013.07.25 13:22:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\cr\Recent
[2013.07.25 09:16:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2013.07.25 09:16:53 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013.07.25 09:16:44 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2013.07.25 09:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads
[2013.07.25 00:49:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2013.07.25 00:49:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla
[2013.07.24 21:12:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Startmenü\Programme\SpyHunter
[2013.07.24 21:12:33 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.07.24 21:12:33 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2013.07.24 21:11:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2013.07.24 21:04:54 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\SpyHunter-Installer.exe
[2013.07.24 16:36:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Avira
[2008.11.03 20:03:26 | 000,357,936 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayer11GOLD_de.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.25 18:06:00 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{59864E43-2CF6-4651-8FAF-291DEFA0C1D4}.job
[2013.07.25 16:59:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\cr\defogger_reenable
[2013.07.25 14:48:45 | 001,220,306 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\FRST.exe
[2013.07.25 14:30:38 | 000,002,500 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.07.25 14:30:01 | 000,000,636 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.07.25 14:29:50 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\WinMaximizer-ncc-Startup.job
[2013.07.25 14:29:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.25 14:29:22 | 1064,357,888 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.25 09:18:08 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.07.25 09:18:08 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.07.25 09:16:59 | 000,001,811 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.07.24 21:12:38 | 000,001,958 | ---- | M] () -- C:\Dokumente und Einstellungen\cr\Desktop\SpyHunter.lnk
[2013.07.24 21:04:58 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\SpyHunter-Installer.exe
[2013.07.24 20:10:34 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.07.24 16:28:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.07.19 21:40:08 | 000,464,978 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.07.19 21:40:08 | 000,445,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.07.19 21:40:08 | 000,086,824 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.07.19 21:40:08 | 000,073,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.07.12 21:47:04 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.12 21:47:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.11 20:36:58 | 000,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.27 23:06:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_ncc.job
[2013.06.27 23:05:57 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_ncc.job
[2013.06.27 23:05:51 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_ncc.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.25 16:59:01 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\defogger_reenable
[2013.07.25 14:25:04 | 1064,357,888 | -HS- | C] () -- C:\hiberfil.sys
[2013.07.25 09:18:07 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.07.25 09:18:06 | 000,000,636 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.07.25 09:18:06 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.07.25 09:16:59 | 000,001,817 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2013.07.25 09:16:59 | 000,001,811 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.07.24 21:12:38 | 000,001,958 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\Desktop\SpyHunter.lnk
[2013.07.24 16:28:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.28 11:31:16 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DurchstartenM34.ini
[2012.09.25 18:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2012.09.12 12:56:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012.09.12 12:56:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2012.09.07 14:02:33 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 14:00:27 | 000,000,220 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\default.rss
[2012.08.31 17:24:54 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012.08.31 17:24:53 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys
[2012.05.12 11:40:33 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XGUSB.INI
[2012.05.10 23:18:07 | 000,000,308 | ---- | C] () -- C:\WINDOWS\KM1gPref.ini
[2012.04.09 10:24:13 | 000,000,043 | ---- | C] () -- C:\WINDOWS\DurchstartenD34.ini
[2012.02.17 16:48:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.10 05:00:34 | 001,431,120 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1.dll
[2011.11.27 11:44:15 | 000,023,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.11.17 03:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011.11.07 22:48:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008.11.02 12:41:58 | 000,119,064 | ---- | C] () -- C:\Programme\IE7Setup.exe
[2008.11.02 01:00:26 | 000,002,908 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.08.26 18:45:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

========== ZeroAccess Check ==========

[2004.09.03 06:30:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.08.20 07:08:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >




GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-25 18:48:57
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Maxtor_6Y160M0 rev.YAR51EW0 128,00GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\cr\LOKALE~1\Temp\pwddaaog.sys


---- System - GMER 2.1 ----

SSDT F7EB8F14 ZwClose
SSDT F7EB8ECE ZwCreateKey
SSDT F7EB8F1E ZwCreateSection
SSDT F7EB8EC4 ZwCreateThread
SSDT F7EB8ED3 ZwDeleteKey
SSDT F7EB8EDD ZwDeleteValueKey
SSDT F7EB8F0F ZwDuplicateObject
SSDT F7EB8EE2 ZwLoadKey
SSDT F7EB8EB0 ZwOpenProcess
SSDT F7EB8EB5 ZwOpenThread
SSDT F7EB8F37 ZwQueryValueKey
SSDT F7EB8EEC ZwReplaceKey
SSDT F7EB8F28 ZwRequestWaitReplyPort
SSDT F7EB8EE7 ZwRestoreKey
SSDT F7EB8F23 ZwSetContextThread
SSDT F7EB8F2D ZwSetSecurityObject
SSDT F7EB8ED8 ZwSetValueKey
SSDT F7EB8F32 ZwSystemDebugControl
SSDT F7EB8EBF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xEE277300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7B91300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Programme\Tobit Radio.fx\Server\rfx-server.exe[432] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00641870 C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
.text C:\Programme\Mozilla Firefox\plugin-container.exe[2520] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\plugin-container.exe[2520] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3196] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0121C930 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E0AA C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3196] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E083 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3196] GDI32.dll!CreateDIBSection 77EF9E19 5 Bytes JMP 0144E00D C:\Programme\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{89CE52C7-1E81-BA8E-1EC7-B7D1DDBBEE83}\InprocServer32@ C:\WINDOWS\system32\Shell32.dll

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Alt 25.07.2013, 18:23   #2
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Hi,

scanne mit OTL nochmal, setz aber nen Haken bei Scanne alle Benutzer.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 26.07.2013, 14:44   #3
Sauber2013
 
GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Bitte sehr, Haken auf "Alle Benutzer",
Gruß




Code:
ATTFilter
OTL logfile created on: 26.7.2013 14:09:24 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
1014,98 Mb Total Physical Memory | 509,57 Mb Available Physical Memory | 50,20% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,15% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 125,84 Gb Total Space | 89,38 Gb Free Space | 71,02% Space Free | Partition Type: NTFS
Drive F: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,18% Space Free | Partition Type: FAT
 
Computer Name: IBM-KDPYR2K | User Name: cr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.25 17:02:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.07.02 07:02:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.02 07:00:24 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.07.02 07:00:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.07.02 07:00:02 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.19 13:46:36 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.06.10 21:41:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.09.05 02:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2003.11.20 23:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003.11.07 04:24:32 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2003.11.07 00:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2002.11.09 00:50:32 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.21 01:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.14 19:46:40 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.08.23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012.06.10 21:41:01 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.04.03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011.12.10 05:00:34 | 001,431,120 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1.dll
MOD - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
MOD - [2011.05.19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Programme\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2003.11.07 00:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\b34btbztdb0vavaw.exe -- (winmgmt)
SRV - File not found [Auto | Stopped] -- C:\Programme\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService)
SRV - [2013.07.02 07:02:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.02 07:00:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.09.19 13:46:36 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.10 21:41:03 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.11.18 15:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.21 01:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\d3dswpuj.sys -- (d3dswpuj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\NCC~1.IBM\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.06.14 19:47:37 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.06.14 19:47:37 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.06.14 19:47:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.06.14 19:47:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.10.08 14:09:34 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2012.08.31 17:24:55 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.08.31 17:24:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.01.18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2008.09.05 02:01:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.18 14:36:03 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005.02.24 23:38:30 | 000,285,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2005.02.24 08:42:26 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004.09.16 02:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2004.09.16 02:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.09.03 16:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2003.07.16 23:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003.06.18 02:00:00 | 000,502,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fus2base.sys -- (FUS2BASE)
DRV - [2003.02.11 22:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003.01.10 22:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{4FF23BF6-0DAD-4DA3-89AC-E262EEBD7E45}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\.DEFAULT\..\SearchScopes\{61D61887-E8DB-41B1-934B-34D481B79B77}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{9AF15490-41C6-4303-B23A-1F54A60DB581}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{CAC5E3D8-B1CC-4122-BAEC-7B4DA6BC95BD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{4FF23BF6-0DAD-4DA3-89AC-E262EEBD7E45}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-18\..\SearchScopes\{61D61887-E8DB-41B1-934B-34D481B79B77}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{9AF15490-41C6-4303-B23A-1F54A60DB581}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{CAC5E3D8-B1CC-4122-BAEC-7B4DA6BC95BD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de [binary data]
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tab2
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes,DefaultScope = {67CF1440-7876-41D2-8205-1387F7ADAC0C}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{13311806-A005-4843-835E-2A8090519353}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{21359D4B-C4E3-4E0E-AB0F-332EBD072EA2}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{33057AFD-8E31-452F-B2B5-F6329943EB78}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{3F475770-2F59-4FFE-8846-C8BD255DFEAA}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{67CF1440-7876-41D2-8205-1387F7ADAC0C}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{6904E9C0-2CF0-4383-A406-7FD6DF97ADA3}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\SearchScopes\{70C6408D-44EE-4507-B916-32A0F6821F4D}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.26 19:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.22 15:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.26 19:45:31 | 000,000,000 | ---D | M]
 
[2013.07.25 00:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla\Extensions
[2012.08.24 18:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 21:41:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.25 12:50:18 | 000,249,967 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3977644346-3476475875-1356669329-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/47.13/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225578348529 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1 <applet> redirector)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64C4751A-4A3B-4A20-8C8F-1719B00A53ED}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.16 20:17:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.26 10:57:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\cr\Recent
[2013.07.25 14:49:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.25 14:48:32 | 001,220,306 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\FRST.exe
[2013.07.25 09:16:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2013.07.25 09:16:53 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013.07.25 09:16:44 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2013.07.25 09:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\Downloads
[2013.07.25 00:49:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2013.07.25 00:49:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Mozilla
[2013.07.24 21:12:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Startmenü\Programme\SpyHunter
[2013.07.24 21:12:33 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.07.24 21:12:33 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2013.07.24 21:11:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2013.07.24 21:04:54 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\SpyHunter-Installer.exe
[2013.07.24 16:36:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\Avira
[2008.11.03 20:03:26 | 000,357,936 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayer11GOLD_de.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.26 14:04:01 | 000,002,500 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.07.26 14:03:22 | 000,000,636 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.07.26 14:03:10 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\WinMaximizer-ncc-Startup.job
[2013.07.26 14:02:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.26 14:02:54 | 1064,357,888 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.26 11:14:49 | 000,004,608 | ---- | M] () -- C:\Dokumente und Einstellungen\cr\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.26 10:53:40 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{59864E43-2CF6-4651-8FAF-291DEFA0C1D4}.job
[2013.07.25 16:59:01 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\cr\defogger_reenable
[2013.07.25 14:48:45 | 001,220,306 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\FRST.exe
[2013.07.25 09:18:08 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.07.25 09:18:08 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.07.25 09:16:59 | 000,001,811 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.07.24 21:12:38 | 000,001,958 | ---- | M] () -- C:\Dokumente und Einstellungen\cr\Desktop\SpyHunter.lnk
[2013.07.24 21:04:58 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\cr\Eigene Dateien\SpyHunter-Installer.exe
[2013.07.24 20:10:34 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.07.24 16:28:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.07.19 21:40:08 | 000,464,978 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.07.19 21:40:08 | 000,445,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.07.19 21:40:08 | 000,086,824 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.07.19 21:40:08 | 000,073,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.07.12 21:47:04 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.12 21:47:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.11 20:36:58 | 000,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.27 23:06:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_ncc.job
[2013.06.27 23:05:57 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_ncc.job
[2013.06.27 23:05:51 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_ncc.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.26 13:59:23 | 1064,357,888 | -HS- | C] () -- C:\hiberfil.sys
[2013.07.25 16:59:01 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\defogger_reenable
[2013.07.25 09:18:07 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.07.25 09:18:06 | 000,000,636 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.07.25 09:18:06 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.07.25 09:16:59 | 000,001,817 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2013.07.25 09:16:59 | 000,001,811 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.07.24 21:12:38 | 000,001,958 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\Desktop\SpyHunter.lnk
[2013.07.24 16:28:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.28 11:31:16 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DurchstartenM34.ini
[2012.09.25 18:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2012.09.12 12:56:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012.09.12 12:56:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2012.09.07 14:02:33 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 14:00:27 | 000,000,220 | ---- | C] () -- C:\Dokumente und Einstellungen\cr\Anwendungsdaten\default.rss
[2012.08.31 17:24:54 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012.08.31 17:24:53 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys
[2012.05.12 11:40:33 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XGUSB.INI
[2012.05.10 23:18:07 | 000,000,308 | ---- | C] () -- C:\WINDOWS\KM1gPref.ini
[2012.04.09 10:24:13 | 000,000,043 | ---- | C] () -- C:\WINDOWS\DurchstartenD34.ini
[2012.02.17 16:48:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.10 05:00:34 | 001,431,120 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1.dll
[2011.11.27 11:44:15 | 000,023,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.11.17 03:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011.11.07 22:48:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008.11.02 12:41:58 | 000,119,064 | ---- | C] () -- C:\Programme\IE7Setup.exe
[2008.11.02 01:00:26 | 000,002,908 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.08.26 18:45:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== ZeroAccess Check ==========
 
[2004.09.03 06:30:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.08.20 07:08:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
__________________

Alt 27.07.2013, 10:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Sorry für die Verspätung, liege flach mit Grippe und Fieber.

OTL zeigt den Startpunkt nicht, wir müssen von aussen ran.

Falls Du kein Brennprogramm installiert hast, lade
dir bitte ISOBurner herunter.
Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen.
Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.
    Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von mit der OTLPE CD.
Hinweis: Wie boote ich von CD
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.07.2013, 16:36   #5
Sauber2013
 
GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Hi Schrauber,
danke für Deine Hilfe bis hierhin + gute Besserung!
Mein interner CD-Brenner und auch der externe brennen seit einiger Zeit nicht mehr; hat vielleicht auch etwas mit dem Trojaner zu tun ?!? Werde das OTL-Tool auf einem anderen Rechner im Büro auf CD brennen und dann gehts erst weiter... Melde mich dann wieder.
Gruß Sauber 2013


Alt 28.07.2013, 17:02   #6
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



ok
__________________
--> GVU Trojaner lässt sich nicht entfernen

Alt 01.08.2013, 09:42   #7
Sauber2013
 
GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Hi Schrauber, bekomme die CD momentan nicht gebrannt. Mein externer Brenner ist kaputt, und auf meinem Rechner am Arbeitsplatz ist kein Brenner, nur ein Player. Nach Updates von Spybot und Antivir von gestern und komplettem System-Scan ist der Trojaner jetzt erstmal deaktiviert (gelöscht?) und der Rechner startet wieder ganz normal, der Sperrbildschirm ist weg. Sollte der OTLPscan denn trotzdem bei nächster Gelegenheit mal durchgeführt werden? Fest steht, dass es auf meinem Rechner noch mehr Themen zu beheben gibt -in den Prozessen im Task-Manager sind einige Dinge, die da wohl nicht hingehören, aber das ist wohl ein anderes Thema ?!? gruß Sauber2013

Alt 01.08.2013, 11:43   #8
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner lässt sich nicht entfernen - Standard

GVU Trojaner lässt sich nicht entfernen



Wenn der Rechner normal bootet machen wir so weiter:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu GVU Trojaner lässt sich nicht entfernen
antivir, avira, bonjour, booten, canon, desktop, dsl, entfernen, error, esgscanner.sys, farbar, farbar recovery scan tool, flash player, helper, homepage, iexplore.exe, installation, internet, intranet, konfigurator, lässt sich nicht entfernen, mozilla, ntdll.dll, object, origin, plug-in, refresh, registry, rundll, safer networking, security, software, stick, trojaner, usb, windows, windows xp




Ähnliche Themen: GVU Trojaner lässt sich nicht entfernen


  1. Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (9)
  2. Windows XP: Trojaner lässt sich nicht entfernen
    Log-Analyse und Auswertung - 12.05.2014 (10)
  3. GVU Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.11.2013 (3)
  4. GVU Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.06.2013 (2)
  5. Zbot.gen!AJ Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (7)
  6. Trojaner lässt sich nicht entfernen! =(
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (15)
  7. Backdoor Trojaner lässt sich nicht entfernen!
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (5)
  8. BKA Trojaner lässt sich nicht entfernen
    Log-Analyse und Auswertung - 22.03.2012 (27)
  9. Hartnäckiger Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 05.12.2011 (34)
  10. trojaner lässt sich nicht entfernen!
    Mülltonne - 15.10.2010 (1)
  11. Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2010 (25)
  12. TR/CRYPT.FKM.Gen Trojaner lässt sich nicht entfernen
    Mülltonne - 10.08.2008 (0)
  13. Trojaner lässt sich nicht entfernen
    Log-Analyse und Auswertung - 08.01.2008 (5)
  14. Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 17.12.2006 (8)
  15. Mssearchnet Trojaner lässt sich nicht entfernen
    Log-Analyse und Auswertung - 20.02.2006 (2)
  16. Trojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 30.01.2006 (30)
  17. Trojaner lässt sich nicht entfernen
    Log-Analyse und Auswertung - 02.03.2005 (1)

Zum Thema GVU Trojaner lässt sich nicht entfernen - Hallo, habe den GVU Trojaner auf dem Rechner. Eines von 2 Nutzerkonten lässt sich aber Gott sei Dank normal hochfahren und nutzen; beim anderen Nutzerkonto kommt nach dem Booten der - GVU Trojaner lässt sich nicht entfernen...
Archiv
Du betrachtest: GVU Trojaner lässt sich nicht entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.