![]() |
Plagegeister aller Art und deren Bekämpfung: Windows XP: Avira Scanner starten nicht; Avira regiert nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #16 |
![]() | ![]() Otlpe Einstellungen: Standard Registry = Use Safe List, Extra Registry = Use Safe List C:\OTL.Txt Code:
ATTFilter OTL logfile created on: 3/14/2016 4:37:00 PM - Run OTLPE by OldTimer - Version Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 47.79 Gb Total Space | 13.28 Gb Free Space | 27.79% Space Free | Partition Type: NTFS Drive D: | 53.44 Gb Total Space | 15.26 Gb Free Space | 28.56% Space Free | Partition Type: NTFS Drive E: | 10.56 Gb Total Space | 10.50 Gb Free Space | 99.47% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (stllssvr) SRV - [2016/02/18 07:49:19 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2016/02/18 07:49:09 | 001,032,328 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2016/02/18 07:49:06 | 000,834,568 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2016/02/18 07:49:06 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2016/02/18 07:49:05 | 001,054,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2015/08/07 12:43:35 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/08/28 05:06:06 | 000,043,336 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2014/04/03 14:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014/03/12 16:52:16 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011/12/30 06:19:21 | 003,483,600 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011/11/10 05:10:16 | 005,899,240 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011/11/10 05:09:24 | 000,813,320 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010/10/01 07:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2009/11/28 18:13:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007/05/08 02:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007/04/22 10:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto] -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007/04/19 07:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/06 07:31:14 | 000,887,544 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9) SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (vsdatant) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (catchme) DRV - [2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2015/12/03 04:11:26 | 000,106,968 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2015/06/11 06:07:27 | 000,027,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2014/03/12 16:35:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2014/03/12 16:33:56 | 000,058,736 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2014/03/12 16:33:56 | 000,040,304 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2013/11/28 19:48:08 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013/07/31 02:35:19 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot) DRV - [2013/07/31 02:35:19 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim) DRV - [2011/12/30 06:19:21 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2011/12/30 06:19:17 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2011/12/30 06:19:15 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2011/12/30 06:19:13 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr) DRV - [2011/12/30 06:19:11 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61) DRV - [2011/12/30 06:19:08 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2011/12/30 06:19:05 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2009/12/25 09:33:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2009/09/10 08:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/07/24 12:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009/06/22 14:00:48 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2008/11/21 15:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/11/17 10:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/11/16 13:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/04/13 19:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2007/10/31 13:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007/04/23 09:10:48 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32) DRV - [2007/04/22 10:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007/04/22 10:24:58 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/03/29 10:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007/02/27 06:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM) DRV - [2007/02/14 10:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007/02/14 10:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/11/30 05:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/22 05:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006/10/17 05:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006/10/17 05:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2006/10/09 07:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2006/09/19 12:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.loca IE - HKU\Dorothee_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Dorothee_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\Dorothee_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Heinz_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Heinz_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\Heinz_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "AT" FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.de,Bing,eBay" FF - prefs.js..browser.search.region: "AT" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2015/08/07 12:42:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2015/08/07 12:43:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/12/29 05:49:46 | 000,000,000 | ---D | M] [2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions [2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/12/03 08:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions [2011/12/03 08:40:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015/08/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2015/08/07 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- [2010/11/30 13:01:40 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll [2010/11/30 13:01:16 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll [2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2016/03/11 17:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found. O3 - HKU\Dorothee_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\Dorothee_ON_D\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\Heinz_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Avira System Speedup] C:\Programme\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Speedup_umh] C:\Programme\Avira\AviraSpeedup\Speedup_umh.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKU\Heinz_ON_D..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data] O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\Heinz_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - Reg Error: Key error. File not found O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Key error. File not found O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - Reg Error: Key error. File not found O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - Reg Error: Key error. File not found O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found. O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell - "" = AutoRun O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2016/03/11 17:04:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2016/03/11 17:04:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2016/03/11 17:04:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2016/03/11 17:04:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2016/03/11 17:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2016/03/11 16:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2016/03/11 16:52:23 | 005,658,088 | R--- | C] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe [2016/03/10 10:16:52 | 000,000,000 | ---D | C] -- D:\Dorothee\_neu [2016/03/04 18:01:40 | 000,000,000 | ---D | C] -- C:\FRST [1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/03/14 08:11:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\MATLAB R2011b Startup Accelerator.job [2016/03/14 08:02:39 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys [2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2016/03/11 17:26:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2016/03/11 17:26:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2016/03/11 16:52:23 | 005,658,088 | R--- | M] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe [2016/03/07 02:55:47 | 000,002,389 | ---- | M] () -- D:\$UserProfiles\Dorothee\Desktop\Microsoft Office Word 2007.lnk [2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/03/13 12:25:23 | 3212,103,680 | -HS- | C] () -- C:\hiberfil.sys [2016/03/11 17:04:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2016/03/11 17:04:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2016/03/11 17:04:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2016/03/11 17:04:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2016/03/11 17:04:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2015/05/25 04:57:51 | 000,000,860 | ---- | C] () -- D:\$UserProfiles\Dorothee\.recently-used.xbel [2015/05/22 19:50:09 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini [2014/11/07 07:06:10 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2014/08/27 04:20:21 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\s-1-5-19.rrr [2014/08/26 17:58:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/03/18 06:23:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2012/02/01 15:54:01 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2011/12/31 09:02:58 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2011/09/06 11:14:24 | 000,000,104 | ---- | C] () -- C:\WINDOWS\medigraf.INI [2011/03/15 04:30:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/03/10 02:14:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL [2010/07/26 16:03:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010/03/23 08:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2010/01/02 10:17:22 | 000,000,655 | ---- | C] () -- D:\$UserProfiles\Dorothee\quosasdddm.properties [2009/12/25 18:31:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL [2009/12/25 18:31:12 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT [2009/12/25 16:56:52 | 000,000,613 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009/12/25 09:33:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2009/10/15 09:36:52 | 000,006,656 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/22 10:53:36 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini [2009/07/25 05:59:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL [2009/05/07 12:23:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/04/18 11:22:38 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\PUTTY.RND [2009/04/14 17:29:14 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT [2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enhance Timing [2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Echo [2009/04/14 17:18:41 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLds.DAT [2009/04/14 17:18:41 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Examples [2009/04/14 15:57:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009/04/14 15:57:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2009/04/14 15:30:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2009/01/01 05:37:21 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009/01/01 05:37:11 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Heinz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008/12/31 09:07:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/11/02 17:54:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT [2008/11/02 17:12:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/11/02 17:12:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/11/02 17:12:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/11/02 17:12:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/11/02 17:08:48 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007/07/24 15:24:29 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007/07/24 15:24:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2007/07/24 15:09:55 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007/05/16 07:48:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll [2007/05/16 07:14:58 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007/02/06 10:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/02/06 09:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/18 17:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/18 17:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2004/08/07 02:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/07 02:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/08/07 02:04:28 | 000,519,834 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/07 02:04:28 | 000,495,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/07 02:04:28 | 000,100,180 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/07 02:04:28 | 000,083,864 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/07 02:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/07 01:57:28 | 001,645,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/07 01:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/07 01:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 04:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 04:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001/07/06 11:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2011/12/30 06:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acronis [2008/12/30 18:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Design Science [2012/03/18 05:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EndNote [2012/03/18 05:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Epson [2012/07/22 09:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog [2009/04/15 05:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon [2011/12/31 10:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Registry Mechanic [2007/07/25 03:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView [2010/12/28 15:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2013/09/12 17:41:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Acronis [2013/07/05 16:23:33 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Audacity [2014/11/07 07:06:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Cliqz [2010/05/12 02:21:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Design Science [2013/12/15 10:40:00 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox [2012/01/30 15:02:24 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EndNote [2012/03/29 17:46:22 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Epson [2012/11/14 17:05:28 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EurekaLog [2015/05/25 04:57:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\gtk-2.0 [2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Idegf [2012/11/19 18:49:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\InterVideo [2010/09/22 07:04:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Nikon [2009/01/01 05:37:21 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\SampleView [2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Sanaze [2010/12/29 10:31:56 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Thunderbird [2012/02/22 07:59:08 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Tracker Software [2011/07/13 12:51:46 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\webex [2014/08/27 05:20:02 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\Acronis [2009/01/01 05:37:11 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\SampleView [2014/10/11 09:23:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/12/30 07:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2013/07/31 02:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN [2014/05/18 06:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2012/03/18 05:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2009/04/15 13:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2009/12/25 09:36:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Molecular Devices [2012/07/22 07:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at [2009/04/14 17:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2012/01/30 11:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers [2012/03/18 05:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2012/11/11 12:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{092C512F-9ECA-47B0-BF89-F0FF91DB1676} [2008/11/02 16:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2009/04/15 13:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\MATLAB R2011b Startup Accelerator.job [2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/11/27 15:16:27 | 106,527,028 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6 [2013/11/23 09:15:27 | 106,527,028 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6 [2013/10/08 06:26:50 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣哜6 [2013/09/19 10:44:01 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣哜6 < End of report > Code:
ATTFilter OTL Extras logfile created on: 3/14/2016 4:37:00 PM - Run OTLPE by OldTimer - Version Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 47.79 Gb Total Space | 13.28 Gb Free Space | 27.79% Space Free | Partition Type: NTFS Drive D: | 53.44 Gb Total Space | 15.26 Gb Free Space | 28.56% Space Free | Partition Type: NTFS Drive E: | 10.56 Gb Total Space | 10.50 Gb Free Space | 99.47% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "5357:TCP" = 5357:TCP:*:Enabled:WS-Eventing TCP Port 5357 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Deskjet 2540 series) -- (Hewlett-Packard Co.) "C:\Programme\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Programme\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator COM (HP Deskjet 2540 series) -- (Hewlett-Packard Co.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Programme\Mozilla Firefox) -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{2186F2E0-7023-453B-B604-0F13C72AFF37}" = Acronis*True*Image*Home 2012 "{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible" = Acronis*True*Image*Home 2012 "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1" = Cliqz "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6310A66B-F080-4E81-90F4-2AA6C30008EB}" = Axon pCLAMP 10.2 demo "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support "{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80416A15-214B-4F25-A025-ED6E875631F2}" = Cisco AnyConnect Secure Mobility Client "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 7.3.1 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology "{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}" = HP Deskjet 2540 series - Grundlegende Software für das Gerät "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3 "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B3E5B153-CC4B-40F2-9802-288B0AF2A966}" = HP Deskjet 2540 series Hilfe "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0CC75CD-F5B7-46AD-B016-17C0F5171718}" = Apple Mobile Device Support "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEA791BB-6F54-48ED-BC2A-F78157C1D558}" = Adobe Setup "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EBC81659-188F-4260-B9A8-E1EA53C4D650}" = Eudora "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F32DC846-4457-40A8-BECA-BCC0E960BC53}" = iTunes "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager "{FBB55C5E-2548-4511-A6F5-8CBCDE16484C}" = A1 Dashboard "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject "{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2 "A1 Dashboard" = A1 Dashboard "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_c015d5ef39552390a753ee735d16041" = Adobe Illustrator CS3 "Avira AntiVir Desktop" = Avira Internet Security "Avira System Speedup_is1" = Avira System Speedup "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DSMT5" = MathType 5 "EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall "EPSON BX535WD Series Netg" = Netzwerkhandbuch EPSON BX535WD Series "EPSON BX535WD Series Useg" = Benutzerhandbuch EPSON BX535WD Series "EPSON Scanner" = EPSON Scan "FileZilla" = FileZilla (remove only) "FreePDF_XP" = FreePDF XP (Remove only) "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "HDMI" = Intel(R) Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Matlab R2011b" = MATLAB R2011b "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 39.0.3 (x86 de)" = Mozilla Firefox 39.0.3 (x86 de) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Origin 6.0" = Origin 6.0 "PDF Complete" = PDF Complete "PROHYBRIDR" = 2007 Microsoft Office system "PuTTY_is1" = PuTTY version 0.62 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Registry Mechanic_is1" = Registry Mechanic 10.0 "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tweak UI 2.10" = Tweak UI "VLC media player" = VLC media player "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.6 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "OnlineFestplatte" = aon Online Festplatte (entfernen) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox < End of report > C:\OTL.Txt Code:
ATTFilter OTL logfile created on: 3/14/2016 2:43:29 PM - Run OTLPE by OldTimer - Version Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 47.79 Gb Total Space | 13.28 Gb Free Space | 27.79% Space Free | Partition Type: NTFS Drive D: | 53.44 Gb Total Space | 15.26 Gb Free Space | 28.56% Space Free | Partition Type: NTFS Drive E: | 10.56 Gb Total Space | 10.50 Gb Free Space | 99.47% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (stllssvr) SRV - [2016/02/18 07:49:19 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2016/02/18 07:49:09 | 001,032,328 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2016/02/18 07:49:06 | 000,834,568 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2016/02/18 07:49:06 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2016/02/18 07:49:05 | 001,054,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2015/08/07 12:43:35 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/08/28 05:06:06 | 000,043,336 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2014/04/03 14:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014/03/12 16:52:16 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011/12/30 06:19:21 | 003,483,600 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011/11/10 05:10:16 | 005,899,240 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011/11/10 05:09:24 | 000,813,320 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010/10/01 07:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2009/11/28 18:13:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007/05/08 02:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007/04/22 10:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto] -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007/04/19 07:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/06 07:31:14 | 000,887,544 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9) SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (vsdatant) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (catchme) DRV - [2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2015/12/03 04:11:26 | 000,106,968 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2015/06/11 06:07:27 | 000,027,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2014/03/12 16:35:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2014/03/12 16:33:56 | 000,058,736 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2014/03/12 16:33:56 | 000,040,304 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2013/11/28 19:48:08 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013/07/31 02:35:19 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot) DRV - [2013/07/31 02:35:19 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim) DRV - [2011/12/30 06:19:21 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2011/12/30 06:19:17 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2011/12/30 06:19:15 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2011/12/30 06:19:13 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr) DRV - [2011/12/30 06:19:11 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61) DRV - [2011/12/30 06:19:08 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2011/12/30 06:19:05 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2009/12/25 09:33:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2009/09/10 08:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/07/24 12:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009/06/22 14:00:48 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2008/11/21 15:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/11/17 10:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/11/16 13:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/04/13 19:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2007/10/31 13:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007/04/23 09:10:48 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32) DRV - [2007/04/22 10:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007/04/22 10:24:58 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/03/29 10:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007/02/27 06:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM) DRV - [2007/02/14 10:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007/02/14 10:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/11/30 05:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/22 05:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006/10/17 05:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006/10/17 05:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2006/10/09 07:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2006/09/19 12:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.loca IE - HKU\Dorothee_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Dorothee_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\Dorothee_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Heinz_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Heinz_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\Heinz_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "AT" FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.de,Bing,eBay" FF - prefs.js..browser.search.region: "AT" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2015/08/07 12:42:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2015/08/07 12:43:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/12/29 05:49:46 | 000,000,000 | ---D | M] [2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions [2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/12/03 08:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions [2011/12/03 08:40:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015/08/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2015/08/07 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- [2010/11/30 13:01:40 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll [2010/11/30 13:01:16 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll [2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2016/03/11 17:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found. O3 - HKU\Dorothee_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\Dorothee_ON_D\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\Heinz_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Avira System Speedup] C:\Programme\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Speedup_umh] C:\Programme\Avira\AviraSpeedup\Speedup_umh.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKU\Heinz_ON_D..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data] O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\Heinz_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - Reg Error: Key error. File not found O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Key error. File not found O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - Reg Error: Key error. File not found O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - Reg Error: Key error. File not found O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found. O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell - "" = AutoRun O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2016/03/11 17:04:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2016/03/11 17:04:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2016/03/11 17:04:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2016/03/11 17:04:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2016/03/11 17:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2016/03/11 16:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2016/03/11 16:52:23 | 005,658,088 | R--- | C] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe [2016/03/10 10:16:52 | 000,000,000 | ---D | C] -- D:\Dorothee\_neu [2016/03/04 18:01:40 | 000,000,000 | ---D | C] -- C:\FRST [1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/03/14 08:11:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\MATLAB R2011b Startup Accelerator.job [2016/03/14 08:02:39 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys [2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2016/03/11 17:26:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2016/03/11 17:26:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2016/03/11 16:52:23 | 005,658,088 | R--- | M] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe [2016/03/07 02:55:47 | 000,002,389 | ---- | M] () -- D:\$UserProfiles\Dorothee\Desktop\Microsoft Office Word 2007.lnk [2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/03/13 12:25:23 | 3212,103,680 | -HS- | C] () -- C:\hiberfil.sys [2016/03/11 17:04:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2016/03/11 17:04:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2016/03/11 17:04:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2016/03/11 17:04:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2016/03/11 17:04:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2015/05/25 04:57:51 | 000,000,860 | ---- | C] () -- D:\$UserProfiles\Dorothee\.recently-used.xbel [2015/05/22 19:50:09 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini [2014/11/07 07:06:10 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2014/08/27 04:20:21 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\s-1-5-19.rrr [2014/08/26 17:58:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/03/18 06:23:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2012/02/01 15:54:01 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2011/12/31 09:02:58 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2011/09/06 11:14:24 | 000,000,104 | ---- | C] () -- C:\WINDOWS\medigraf.INI [2011/03/15 04:30:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/03/10 02:14:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL [2010/07/26 16:03:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010/03/23 08:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2010/01/02 10:17:22 | 000,000,655 | ---- | C] () -- D:\$UserProfiles\Dorothee\quosasdddm.properties [2009/12/25 18:31:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL [2009/12/25 18:31:12 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT [2009/12/25 16:56:52 | 000,000,613 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009/12/25 09:33:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2009/10/15 09:36:52 | 000,006,656 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/22 10:53:36 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini [2009/07/25 05:59:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL [2009/05/07 12:23:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/04/18 11:22:38 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\PUTTY.RND [2009/04/14 17:29:14 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT [2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enhance Timing [2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Echo [2009/04/14 17:18:41 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLds.DAT [2009/04/14 17:18:41 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Examples [2009/04/14 15:57:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009/04/14 15:57:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2009/04/14 15:30:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2009/01/01 05:37:21 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009/01/01 05:37:11 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Heinz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008/12/31 09:07:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/11/02 17:54:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT [2008/11/02 17:12:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/11/02 17:12:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/11/02 17:12:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/11/02 17:12:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/11/02 17:08:48 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007/07/24 15:24:29 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007/07/24 15:24:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2007/07/24 15:09:55 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007/05/16 07:48:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll [2007/05/16 07:14:58 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007/02/06 10:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/02/06 09:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/18 17:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/18 17:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2004/08/07 02:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/07 02:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/08/07 02:04:28 | 000,519,834 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/07 02:04:28 | 000,495,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/07 02:04:28 | 000,100,180 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/07 02:04:28 | 000,083,864 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/07 02:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/07 01:57:28 | 001,645,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/07 01:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/07 01:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 04:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 04:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001/07/06 11:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2011/12/30 06:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acronis [2008/12/30 18:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Design Science [2012/03/18 05:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EndNote [2012/03/18 05:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Epson [2012/07/22 09:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog [2009/04/15 05:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon [2011/12/31 10:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Registry Mechanic [2007/07/25 03:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView [2010/12/28 15:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2013/09/12 17:41:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Acronis [2013/07/05 16:23:33 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Audacity [2014/11/07 07:06:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Cliqz [2010/05/12 02:21:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Design Science [2013/12/15 10:40:00 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox [2012/01/30 15:02:24 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EndNote [2012/03/29 17:46:22 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Epson [2012/11/14 17:05:28 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EurekaLog [2015/05/25 04:57:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\gtk-2.0 [2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Idegf [2012/11/19 18:49:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\InterVideo [2010/09/22 07:04:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Nikon [2009/01/01 05:37:21 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\SampleView [2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Sanaze [2010/12/29 10:31:56 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Thunderbird [2012/02/22 07:59:08 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Tracker Software [2011/07/13 12:51:46 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\webex [2014/08/27 05:20:02 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\Acronis [2009/01/01 05:37:11 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\SampleView [2014/10/11 09:23:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/12/30 07:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2013/07/31 02:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN [2014/05/18 06:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2012/03/18 05:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2009/04/15 13:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2009/12/25 09:36:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Molecular Devices [2012/07/22 07:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at [2009/04/14 17:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2012/01/30 11:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers [2012/03/18 05:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2012/11/11 12:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{092C512F-9ECA-47B0-BF89-F0FF91DB1676} [2008/11/02 16:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2009/04/15 13:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\MATLAB R2011b Startup Accelerator.job [2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/11/27 15:16:27 | 106,527,028 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6 [2013/11/23 09:15:27 | 106,527,028 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6 [2013/10/08 06:26:50 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣哜6 [2013/09/19 10:44:01 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣哜6 < End of report > wurde nicht erstellt |
![]() | #17 |
/// Malwareteam ![]() ![]() | ![]() Windows XP: Avira Scanner starten nicht; Avira regiert nicht Hi,
__________________bin derzeit ziemlich im Schulstress (Diplomprojekt, Diplomarbeit, Matura und so). Ich kann dir hier nicht garantieren, dass ich immer schnell Antworten kann und dass wir den PC wieder zum Laufen kriegen. Am einfachsten wäre hier neu aufsetzen. Falls du trotzdem eine Reparatur probieren willst sag mir bitte bescheid.
__________________ |
![]() | #18 |
![]() | ![]() Windows XP: Avira Scanner starten nicht; Avira regiert nicht Hallo,
__________________danke für die Info! Dann werde ich mich wohl Richtung Heimat (und dort vorhandenen Backups + Computerexperte) machen und neu aufsetzen. Könntest du mir vorher noch folgende 2 Fragen beantworten: - Wo finde ich, was CF gelöscht/verändert hat? Kann ich davon ausgehen, dass CF nur gelöscht hat, was im CF Log unter den Überschriften "Weitere Löschungen" sowie "Entfernte verwaiste Registrierungseinträge" steht? - Hast du einen Anhaltspunkt gefunden, dass der Rechner befallen war? Das wär super! Danke und viel Erfolg bei den Uni- & Schulprojekten! |
![]() | #19 |
/// Malwareteam ![]() ![]() | ![]() Windows XP: Avira Scanner starten nicht; Avira regiert nicht Hi, CF löscht auch leider ein paar Sachen ohne diese zu protokollieren. Da ist es schwer nachzuvollziehen was da schief gelaufen ist. Ein paar Indikatoren hätt ich schon gesehen, aber müsste man näher analysieren. |
![]() |
Themen zu Windows XP: Avira Scanner starten nicht; Avira regiert nicht |
antivir, avira, avira aktivieren, avira blockiert, bonjour, browser, computer, device driver, dllhost.exe, dnsapi.dll, email, excel, festplatte, flash player, format, homepage, keine rückmeldung, launch, mozilla, prozesse, registry, rundll, scan, security, software, starten, starten nicht, svchost.exe, virus, windows, windows xp, wlan |