Trojaner-Board - S.M.A.R.T Check

Hallo Kira,

Wahnsinn wie schnell du antwortest... :rofl:
ich habe mit Maleware jetzt noch einmal einen Vollscan durchgeführt mit zwei weiteren Funden. Hier der Report:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.04.08
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Hopfen :: xxx [Administrator]
 

Schutz: Aktiviert
 

11.05.2012 23:08:25

mbam-log-2012-05-11 (23-08-25).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 429400

Laufzeit: 2 Stunde(n), 39 Minute(n), 23 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

E:\Adobe.Acrobat.Pro.X.v10.0.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.

E:\Adobe.Acrobat.Pro.X.v10.0.Multilingual.Incl.Keymaker-CORE\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Anschließend habe ich mit Schritt 4 weitergemacht. Hier der OTL.txt-Report:

OTL Logfile:

Code:

OTL logfile created on: 12.05.2012 08:26:28 - Run 1

OTL by OldTimer - Version 3.2.42.3     Folder = F:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,46 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 82,32% Memory free

5,30 Gb Paging File | 4,89 Gb Available in Paging File | 92,27% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 29,29 Gb Total Space | 0,70 Gb Free Space | 2,39% Space Free | Partition Type: NTFS

Drive D: | 29,29 Gb Total Space | 22,03 Gb Free Space | 75,21% Space Free | Partition Type: NTFS

Drive E: | 174,30 Gb Total Space | 22,81 Gb Free Space | 13,09% Space Free | Partition Type: NTFS

Drive F: | 7,53 Gb Total Space | 7,51 Gb Free Space | 99,78% Space Free | Partition Type: FAT32

 

Computer Name: HUPKA | User Name: Hopfen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.11 12:12:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\Progarmme_1\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- D:\Progarmme_1\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.01.03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- D:\Progarmme_1\Adobe Acrobat Pro X V 10.0\Acrobat\acrotray.exe

PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2011.05.05 18:54:39 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.12.03 19:59:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2009.07.28 13:14:50 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe

PRC - [2009.02.01 00:15:38 | 000,049,152 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe

PRC - [2009.01.31 22:43:30 | 000,049,250 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe

PRC - [2009.01.23 11:07:14 | 000,217,088 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe

PRC - [2008.11.24 13:56:46 | 000,054,568 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe

PRC - [2008.11.14 15:05:54 | 001,708,032 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe

PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2008.07.21 11:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\XPM09_6047v002\WDM\stacsv.exe

PRC - [2008.07.21 11:42:16 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2008.07.11 13:15:06 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004.04.07 01:02:00 | 000,895,488 | ---- | M] (SWR3.online) -- C:\Programme\RauchFrei\RauchFrei.exe

PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.01.03 15:10:54 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

MOD - [2012.01.03 15:10:54 | 000,019,968 | -H-- | M] () -- D:\Progarmme_1\Adobe Acrobat Pro X V 10.0\Acrobat\Locale\de_DE\AcroTray.DEU

MOD - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe

MOD - [2010.01.30 02:41:12 | 004,254,560 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010.01.28 14:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe

MOD - [2008.11.26 11:39:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll

MOD - [2008.11.26 11:39:16 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

MOD - [2008.11.14 15:06:14 | 000,098,304 | ---- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll

MOD - [2008.10.04 09:40:30 | 000,090,223 | ---- | M] () -- C:\Programme\Dell\QuickSet\preflibcl.dll

MOD - [2008.08.29 13:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008.04.04 21:05:24 | 000,324,608 | ---- | M] () -- C:\Programme\TeraCopy\TeraCopy.dll

MOD - [2007.08.14 03:42:00 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31ml3.dll

MOD - [2005.01.06 18:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll

MOD - [2001.07.31 11:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Progarmme_1\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.06.30 19:33:12 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.05.05 18:54:39 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.10.25 16:16:34 | 000,071,024 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)

SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Progarmme_1\Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2008.07.21 11:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\XPM09_6047v002\WDM\stacsv.exe -- (STacSV)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MonFilt.sys -- (MonFilt)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AMBFilt.sys -- (AMBFilt)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.06.30 19:33:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.30 19:33:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.06.22 19:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2009.06.10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.19 17:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Vid.sys -- (OA009Vid)

DRV - [2009.03.06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Ufd.sys -- (OA009Ufd)

DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.02.05 19:48:16 | 000,192,048 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008.11.26 11:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2008.11.26 11:39:22 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)

DRV - [2008.10.04 09:40:30 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)

DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008.07.24 10:03:00 | 000,289,664 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2008.07.21 11:46:18 | 001,384,595 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008.07.11 13:15:10 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007.11.14 17:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2007.06.07 17:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Afx.sys -- (OA009Afx)

DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de

IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGAR~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGAR~1\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Progarmme_1\Adobe Acrobat Pro X V 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Programme\AutocompletePro\support@predictad.com [2010.04.26 16:37:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Progarmme_1\Adobe Acrobat Pro X V 10.0\Acrobat\Browser\WCFirefoxExtn [2012.03.01 23:26:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.07.10 16:23:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.11 11:25:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.02 00:10:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.18 21:33:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

 

[2010.08.22 11:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Extensions

[2010.08.22 11:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.12.26 15:36:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de

[2012.05.11 11:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Firefox\Profiles\1er94i1q.default\extensions

[2012.03.17 15:13:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Firefox\Profiles\1er94i1q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.05.11 11:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Firefox\Profiles\1er94i1q.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

[2012.05.11 11:25:52 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Firefox\Profiles\1er94i1q.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}(2)

[2011.09.23 23:32:28 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Firefox\Profiles\1er94i1q.default\extensions\2020Player_IKEA@2020Technologies.com

[2011.03.27 19:18:02 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mozilla\Firefox\Profiles\1er94i1q.default\extensions\engine@conduit.com

[2011.11.28 23:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.03.30 08:02:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2012.03.18 12:02:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2003.04.23 19:10:48 | 006,595,792 | ---- | M] (CambridgeSoft Corp.) -- C:\Programme\mozilla firefox\plugins\npcdp32.dll

[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2007.05.16 10:30:04 | 000,036,864 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npSfAppM.dll

[2012.01.05 10:46:17 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.05 10:46:17 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.01.05 10:46:17 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.05 10:46:17 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.05 10:46:17 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.05 10:46:17 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.50524.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGAR~1\OFFICE~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGAR~1\OFFICE~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: ChemDraw Pro Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npcdp32.dll

CHR - plugin: SciFinder Application Plugin for Mozilla (Enabled) = C:\Programme\Mozilla Firefox\plugins\npSfAppM.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Hopfen\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Hopfen\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Hopfen\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2011.07.09 14:01:44 | 000,000,850 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Progarmme_1\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Progarmme_1\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Progarmme_1\Adobe Acrobat Pro X V 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Progarmme_1\Adobe Acrobat Pro X V 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BirdieSync] C:\Programme\BirdieSync\BirdieSync.exe -minimized File not found

O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Progarmme_1\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()

O4 - HKCU..\Run: [AdobeBridge]  File not found

O4 - HKCU..\Run: [SWR3RauchFrei] C:\Programme\RauchFrei\RauchFrei.exe (SWR3.online)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Progarmme_1\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Progarmme_1\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Progarmme_1\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Progarmme_1\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{840BBC05-8847-449F-8020-4F1332B00BFD}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Progarmme_1\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.07.27 14:10:41 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a2e4dbf2-a55e-11e0-b413-00265e06fada}\Shell - "" = AutoRun

O33 - MountPoints2\{a2e4dbf2-a55e-11e0-b413-00265e06fada}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a2e4dbf2-a55e-11e0-b413-00265e06fada}\Shell\AutoRun\command - "" = F:\SafeStick.exe

O33 - MountPoints2\{a4261472-2b75-11df-b077-00265e06fada}\Shell - "" = AutoRun

O33 - MountPoints2\{a4261472-2b75-11df-b077-00265e06fada}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a4261472-2b75-11df-b077-00265e06fada}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.11 12:17:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.05.11 12:17:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.05.11 11:26:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hopfen\Desktop\Steuer 2011 xxx

[2012.05.11 11:26:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hopfen\Desktop\Steuer 2011 Biggi

[2012.05.11 11:26:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hopfen\Desktop\Flo_Steuer

[2012.05.11 11:26:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hopfen\Desktop\Biggi_Steuer

[2012.05.11 11:24:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Hopfen\Recent

[2012.05.08 22:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Malwarebytes

[2012.05.08 22:10:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.05.08 22:10:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.05.07 17:43:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla

[2012.05.02 23:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Simfy

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.12 08:21:42 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

[2012.05.12 08:21:31 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.05.12 08:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.05.12 05:51:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{692836D5-5D51-44B2-98E9-8FC9791FCB44}.job

[2012.05.12 02:00:01 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-xxx-Hopfen.job

[2012.05.11 14:31:00 | 000,000,860 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012.05.11 12:17:41 | 000,000,640 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.10 14:05:58 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-jYCTTkOQ2TkE0u

[2012.05.08 22:22:36 | 000,000,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-jYCTTkOQ2TkE0ur

[2012.05.08 22:17:21 | 000,453,348 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.05.08 22:17:21 | 000,436,482 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.08 22:17:21 | 000,081,772 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.05.08 22:17:21 | 000,068,996 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.05.07 19:05:07 | 000,000,256 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jYCTTkOQ2TkE0u

[2012.05.02 23:48:45 | 000,000,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hopfen\.simfy

[2012.04.23 23:21:18 | 001,557,699 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\IMG_6490_neu.jpg

[2012.04.23 19:41:46 | 134,155,355 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\IMG_6490.psd

[2012.04.22 17:24:38 | 000,000,553 | ---- | M] () -- C:\WINDOWS\wiso.ini

[2012.04.22 14:19:26 | 005,390,860 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\Socken.JPG

[2012.04.21 16:51:20 | 005,474,778 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\IMG_6490.JPG

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.11 12:17:41 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.08 22:22:36 | 000,000,176 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-jYCTTkOQ2TkE0ur

[2012.05.08 22:22:36 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-jYCTTkOQ2TkE0u

[2012.05.07 19:05:04 | 000,000,256 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jYCTTkOQ2TkE0u

[2012.05.02 23:48:45 | 000,000,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\.simfy

[2012.04.23 23:21:14 | 001,557,699 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\IMG_6490_neu.jpg

[2012.04.22 21:07:59 | 134,155,355 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\IMG_6490.psd

[2012.04.22 14:19:27 | 005,390,860 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\Socken.JPG

[2012.04.21 16:51:20 | 005,474,778 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Desktop\IMG_6490.JPG

[2012.03.04 16:14:31 | 000,000,553 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2012.02.20 22:36:27 | 000,028,317 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR

[2012.02.20 22:34:50 | 000,028,323 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR

[2012.02.20 22:30:59 | 000,028,313 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR

[2012.02.16 23:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.12.12 00:40:55 | 000,512,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.12.08 22:07:14 | 000,001,456 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hopfen\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs

[2011.06.19 18:00:10 | 000,000,417 | ---- | C] () -- C:\WINDOWS\Chem3D.INI

[2010.08.01 15:02:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31ml3.dll

[2010.08.01 00:48:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI

 
 ========== LOP Check ==========

 

[2012.04.16 23:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

[2011.04.18 21:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited

[2012.03.01 23:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular

[2011.12.13 01:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF

[2010.12.26 15:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe

[2010.12.26 15:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2009.07.31 11:00:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mestrelab Research S.L

[2011.07.10 17:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe

[2011.07.22 01:02:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp

[2011.08.04 22:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrafficMonitor

[2010.06.21 17:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2011.07.03 15:20:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\.#

[2012.02.29 21:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Audacity

[2010.04.26 16:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Audio Recorder for Free

[2011.07.10 15:27:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\becker

[2011.02.09 22:58:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\BirdieSync

[2012.03.04 16:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Buhl Data Service

[2011.04.18 21:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Canneverbe Limited

[2011.04.14 21:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Canon

[2012.03.19 21:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\DVDVideoSoft

[2012.02.29 20:11:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\elsterformular

[2012.03.01 22:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\gSyncit

[2011.04.18 22:47:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\gtk-2.0

[2010.12.26 15:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Haufe Mediengruppe

[2011.01.09 20:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\HTC

[2011.01.09 14:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2009.07.30 11:18:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\ICQ

[2010.12.26 15:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Lexware

[2009.07.31 11:00:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Mestrelab Research S.L

[2011.04.18 21:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\OpenCandy

[2012.02.29 22:06:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Outlook

[2012.05.08 23:04:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\PriceGong

[2012.05.02 23:48:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Simfy

[2011.07.12 23:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2009.09.15 14:05:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\TeraCopy

[2010.08.22 11:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Thunderbird

[2009.07.27 14:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\TMP

[2011.04.19 19:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hopfen\Anwendungsdaten\Uniblue

[2012.05.12 05:51:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{692836D5-5D51-44B2-98E9-8FC9791FCB44}.job

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

[/code]

Und hier der Extras.txt-Report:

OTL Logfile:

Code:

OTL Extras logfile created on: 12.05.2012 08:26:28 - Run 1

OTL by OldTimer - Version 3.2.42.3     Folder = F:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,46 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 82,32% Memory free

5,30 Gb Paging File | 4,89 Gb Available in Paging File | 92,27% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 29,29 Gb Total Space | 0,70 Gb Free Space | 2,39% Space Free | Partition Type: NTFS

Drive D: | 29,29 Gb Total Space | 22,03 Gb Free Space | 75,21% Space Free | Partition Type: NTFS

Drive E: | 174,30 Gb Total Space | 22,81 Gb Free Space | 13,09% Space Free | Partition Type: NTFS

Drive F: | 7,53 Gb Total Space | 7,51 Gb Free Space | 99,78% Space Free | Partition Type: FAT32

 

Computer Name: xxx | User Name: Hopfen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\CambridgeSoft\ChemOffice2004\ChemDraw\ChemDraw.exe" = C:\Programme\CambridgeSoft\ChemOffice2004\ChemDraw\ChemDraw.exe:*:Enabled:ChemDraw Ultra 8.0 -- (CambridgeSoft Corp.)

"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()

"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver

"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application

"F:\CambridgeSoft\ChemOffice2004\ChemDraw\ChemDraw.exe" = F:\CambridgeSoft\ChemOffice2004\ChemDraw\ChemDraw.exe:*:Disabled:ChemDraw Ultra 8.0

"C:\Programme\BirdieSync\BirdieSync.exe" = C:\Programme\BirdieSync\BirdieSync.exe:*:Enabled:BirdieSync

"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)

"D:\Progarmme_1\Office2010\Office14\GROOVE.EXE" = D:\Progarmme_1\Office2010\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)

"D:\Progarmme_1\Office2010\Office14\ONENOTE.EXE" = D:\Progarmme_1\Office2010\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"D:\Progarmme_1\Office2010\Office14\OUTLOOK.EXE" = D:\Progarmme_1\Office2010\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programme\CambridgeSoft\ChemOffice2004\Chem3D\Chem3D.exe" = C:\Programme\CambridgeSoft\ChemOffice2004\Chem3D\Chem3D.exe:*:Disabled:Chem3D Ultra -- (CambridgeSoft Corp.)

"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth

"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

""Update to XShell 4.01"" = "Update to XShell 4.01"

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection

"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23

"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX

"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010

"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300

"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A33744D-33F5-451A-9CB0-2FE49EE3809C}" = ChemOffice Ultra 2004

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch

"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"7-Zip" = 7-Zip 9.20

"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AskTBar Uninstall" = Ask Toolbar

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"AutocompletePro2_is1" = AutocompletePro

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Becker Content Manager" = Becker Content Manager

"Broadcom 802.11 Application" = Dienstprogramm für Dell Wireless WLAN Karte

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"ChemWindow Suite" = ChemWindow Suite

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Content Manager 2" = Content Manager 2

"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)  

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Origin 6.0" = Origin 6.0

"PCFriendly" = PCFriendly

"RealPlayer 6.0" = RealPlayer

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"softonic-de3 Toolbar" = softonic-de3 Toolbar

"SWR3 RauchFrei_is1" = SWR3 RauchFrei Version 1.2

"TeraCopy_is1" = TeraCopy 2.01

"VLC media player" = VLC media player 1.0.0

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGX_is1" = Uninstall WinGX

"XP, XPREP, XSHELL" = ShelXTL

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

--- --- ---

[/code]

Es hat sich eigentlich nichts geändert. OTL konnte ich zudem nicht auf einem der Partitionen schieben. Ich habe das Programm also von einem USB-Stick gestartet. Die Folder mit meinen Dateien sind immer noch alle leer. Der Virus/trojaner scheint also noch auf meinem Laptop zu sein :daumenrunter:

Gibt es noch weitere Maßnahmen die ich anwenden könnte?

Dankeee!