Trojaner-Board - Dieses Programm kann die Webseite nicht anzeigen

1. Nach dem Fixen mit OTL:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eueejbfzwnwlhuf not found.

File C:\WINDOWS\eueejbfz.exe not found.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

========== FILES ==========

File\Folder C:\WINDOWS\eueejbfz.exe not found.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lhewbstfwqfeowc folder moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\engbalvqijcxvds moved successfully.

File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eueejbfz.exe not found.

File\Folder C:\Dokumente und Einstellungen\Yvonne\ms.exe not found.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

C:\Dokumente und Einstellungen\Yvonne\Eigene Dateien\Downloads\cmd.bat deleted successfully.

C:\Dokumente und Einstellungen\Yvonne\Eigene Dateien\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 176 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Google Chrome cache emptied: 594288 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1502174 bytes

 

User: Mustermann

->Temp folder emptied: 6941992904 bytes

->Temporary Internet Files folder emptied: 1665506556 bytes

->Java cache emptied: 157648733 bytes

->FireFox cache emptied: 67523599 bytes

->Google Chrome cache emptied: 6715097 bytes

->Flash cache emptied: 9579 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 4905863 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10059144 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 8.446,00 mb

 

 

OTL by OldTimer - Version 3.2.70.1 log created on 11012012_103300
 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

2. Nach vollständigem Suchlauf mit Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.09.29.05
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Yvonne :: YVONNE [Administrator]
 

01.11.2012 10:49:55

mbam-log-2012-11-01 (10-49-55).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 341078

Laufzeit: 2 Stunde(n), 4 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

3. Installierte Programme mit CC Cleaner:

Code:

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        28.10.2012                11.4.402.287

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        28.10.2012                11.4.402.287

Adobe Reader 8.1.2 - Deutsch        Adobe Systems Incorporated        02.03.2008        101,00MB        8.1.2

AFPL Ghostscript 8.54                18.05.2007                

AFPL Ghostscript Fonts                18.05.2007                

Apple Application Support        Apple Inc.        02.04.2011        52,66MB        1.5.0

Apple Mobile Device Support        Apple Inc.        02.04.2011        21,75MB        3.4.0.25

Apple Software Update        Apple Inc.        02.04.2011        2,26MB        2.1.2.120

ATI - Dienstprogramm zur Deinstallation der Software                03.09.2005                6.14.10.1012

ATI Display Driver                16.03.2007                8.152-050629m-025929C-Samsung

ATI Systemsteuerung                03.09.2005                6.14.10.5157

avast! Free Antivirus        AVAST Software        03.10.2012                7.0.1466.0

AVStation premium        Samsung        30.08.2005                1.00.0000

Bonjour        Apple Inc.        02.04.2011        1,20MB        2.0.4.0

CCleaner        Piriform        24.10.2012                3.24

Cisco Systems VPN Client 5.0.05.0290        Cisco Systems, Inc.        12.03.2010        13,13MB        5.0.5

Digital Video                03.09.2005                

DjVu Solo 3.1                09.04.2009                

EasyBox                30.08.2005                2.00

EPSON Easy Photo Print                04.08.2006                1.1.0.0

EPSON-Drucker-Software                03.10.2012                

ESD68 Benutzerhandbuch                30.06.2012                

Free Studio version 5.0.8        DVDVideoSoft Limited.        02.04.2011                

Google Chrome        Google Inc.        31.07.2010                22.0.1229.94

IEEE 802.11 Wireless Lan Driver                01.11.2012                1.10.000

Intel(R) Graphics Media Accelerator Driver for Mobile                24.11.2005                6.14.10.4363

Intel(R) PROSet/Wireless Software        Intel Corporation        16.03.2007                

InterActual Player                03.10.2012                

iTunes        Apple Inc.        02.04.2011        142,00MB        10.2.1.1

J2SE Runtime Environment 5.0        Sun Microsystems, Inc.        30.08.2005        71,77MB        1.5.0

J2SE Runtime Environment 5.0 Update 6        Sun Microsystems, Inc.        06.09.2006        145,00MB        1.5.0.60

Java(TM) 6 Update 3        Sun Microsystems, Inc.        02.01.2008        133,00MB        1.6.0.30

Java(TM) 6 Update 34        Oracle        29.08.2012        95,70MB        6.0.340

Java(TM) SE Runtime Environment 6 Update 1        Sun Microsystems, Inc.        08.06.2007        159,00MB        1.6.0.10

Magic Keyboard                30.08.2005                6.7.19.0

Malwarebytes Anti-Malware Version 1.65.1.1000        Malwarebytes Corporation        01.11.2012                1.65.1.1000

MathPlayer        Design Science, Inc.        04.09.2007                2.1b

Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        16.06.2012        183,00MB        2.2.30729

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU        Microsoft Corporation        02.04.2011        6,30MB        2.2.30729

Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        13.05.2012        239,00MB        3.2.30729

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU        Microsoft Corporation        02.04.2011        37,52MB        3.2.30729

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        02.04.2011                

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        13.05.2012                

Microsoft Compression Client Pack 1.0 for Windows XP        Microsoft Corporation        01.09.2007                1

Microsoft Office File Validation Add-In        Microsoft Corporation        05.01.2012        11,21MB        14.0.5130.5003

Microsoft Office Standard Edition 2003        Microsoft Corporation        12.10.2012        960,00MB        11.0.8173.0

Microsoft User-Mode Driver Framework Feature Pack 1.0        Microsoft Corporation        01.09.2007                

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        12.11.2009        0,15MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        24.04.2011        10,20MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        10.11.2009        10,28MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        22.11.2010        10,19MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        10,20MB        9.0.30729.6161

MiKTeX 2.7        MiKTeX.org        08.03.2010                2.7

Mozilla Firefox 16.0.2 (x86 en-GB)        Mozilla        29.10.2012                16.0.2

Mozilla Maintenance Service        Mozilla        30.10.2012                16.0.2

MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        15.11.2006        2,56MB        4.20.9841.0

MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        16.08.2007        2,62MB        4.20.9848.0

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        2,67MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        2,77MB        4.20.9876.0

MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        30.08.2005        1,23MB        4.20.9818.0

PowerDVD                25.09.2011                

QuickTime        Apple Inc.        02.04.2011        73,73MB        7.69.80.9

RealPlayer        RealNetworks        08.12.2011                

Recover Pro                30.08.2005                

Samsung Battery Manager                30.08.2005                1.00

Samsung Command Center        Ihr Firmenname        30.08.2005                1.0.24.0N

Samsung Network Manager 2.0        Ihr Firmenname        30.08.2005                2.0.5.0

Samsung Smart Screen                30.08.2005                1.0.90.0

Samsung Theme        Ihr Firmenname        30.08.2005                1.1.0.0

Samsung Universal Print Driver        Samsung Electronics CO.,LTD        09.01.2010                

Samsung Update Plus        Samsung Electronics Co., LTD        30.08.2005                1.2.0.10

SENS LT56ADW Modem                                

Skype 3.1        Skype Technologies S.A.        17.04.2007                3.1

SoundMAX        Analog Devices        30.08.2005                5.12.01.5240

Synaptics Pointing Device Driver                30.08.2005                7.13.0.1

TeXnicCenter Version 1.0 Stable RC1        TeXnicCenter.org        08.03.2010                Version 1.0 Stable RC1

Uninstall 1.0.0.1                02.04.2011                

User's Guide                03.09.2005                

VLC media player 1.1.8        VideoLAN        02.04.2011                1.1.8

WinDjView 1.0.1        Andrew Zhezherun        09.04.2009                1.0.1

Windows Internet Explorer 8        Microsoft Corporation        12.07.2009                20090308.140743

Windows Live Anmelde-Assistent        Microsoft Corporation        13.07.2009        1,92MB        5.000.818.5

Windows Live Essentials        Microsoft Corporation        13.07.2009                14.0.8064.0206

Windows Live-Uploadtool        Microsoft Corporation        13.07.2009        0,22MB        14.0.8014.1029

Windows Media Format 11 runtime                12.07.2009                

Windows Media Player 11                12.07.2009                

Windows XP Service Pack 3        Microsoft Corporation        12.07.2009                20080414.031514

WinEdt        WinEdt Team        26.06.2009                

WinRAR                07.01.2010                

WOW XT and TSXT Filter Driver        SRS Labs, Inc.        30.08.2005        1,88MB        1.06.0000

XVID Codec Installation                03.09.2005                

Zattoo 3.3.4 Beta        Zattoo Inc.        24.01.2009                3.3.4 Beta

Zattoo4 4.0.5        Zattoo Inc.        18.07.2010                4.0.5

4. Erneuter OTL Scan
OTL.txt:

Code:

OTL logfile created on: 02.11.2012 16:15:33 - Run 2

OTL by OldTimer - Version 3.2.70.1     Folder = C:\Dokumente und Einstellungen\Yvonne\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,17 Mb Total Physical Memory | 558,45 Mb Available Physical Memory | 54,63% Memory free

2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,75% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 67,28 Gb Total Space | 10,41 Gb Free Space | 15,48% Space Free | Partition Type: NTFS

 

Computer Name: YVONNE | User Name: Yvonne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.10.28 17:38:06 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2012.10.03 08:32:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Yvonne\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe

PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

PRC - [2012.01.18 13:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2011.12.08 13:43:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe

PRC - [2011.02.18 15:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009.02.04 18:55:38 | 000,548,864 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005.08.18 09:33:26 | 001,933,312 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe

PRC - [2005.07.15 18:42:46 | 000,200,704 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe

PRC - [2005.06.27 18:30:06 | 000,360,448 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe

PRC - [2005.05.28 07:35:56 | 000,036,864 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe

PRC - [2005.03.08 07:48:50 | 000,081,920 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe

PRC - [2005.02.02 04:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

PRC - [2004.08.17 02:37:00 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Programme\ltmoh\ltmoh.exe

PRC - [2004.07.27 12:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.02 09:51:16 | 001,826,304 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\12110200\algo.dll

MOD - [2012.10.28 17:38:03 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2012.10.09 12:26:39 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

MOD - [2011.02.06 10:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2009.02.04 18:55:38 | 000,548,864 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

MOD - [2009.01.13 11:29:00 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2008.06.04 15:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l3.dll

MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008.03.25 05:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll

MOD - [2005.08.18 09:33:26 | 001,933,312 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe

MOD - [2005.07.15 18:42:46 | 000,200,704 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe

MOD - [2005.07.08 18:21:48 | 000,098,304 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\AVS3_Resource.dll

MOD - [2005.07.06 15:13:12 | 000,045,056 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\SABI.dll

MOD - [2005.05.28 07:35:56 | 000,036,864 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe

MOD - [2005.05.27 21:03:06 | 000,364,666 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMCoreDll.dll

MOD - [2005.03.08 07:48:50 | 000,081,920 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe

MOD - [2005.02.25 15:51:54 | 000,049,255 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\rfctrl.dll

MOD - [2005.02.25 15:51:44 | 000,028,672 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\KBDHook.dll

MOD - [2005.02.25 15:51:42 | 000,053,248 | R--- | M] () -- C:\Programme\Samsung\AVStation premium\Bin\DirMonitor.dll

MOD - [2004.08.16 10:09:26 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.10.28 17:38:04 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.10.09 12:26:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011.02.18 15:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009.03.24 09:45:58 | 000,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc.exe -- (Samsung UPD Service)

SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2005.05.28 07:35:56 | 000,036,864 | R--- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)

SRV - [2005.03.08 07:48:52 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)

SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.11.01 10:49:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.08.21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.08.21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.08.21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.08.21 10:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012.08.21 10:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012.08.21 10:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012.08.21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2005.07.13 10:58:18 | 000,463,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005.06.28 15:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.06.08 15:58:10 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)

DRV - [2005.04.30 15:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)

DRV - [2005.04.18 21:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)

DRV - [2005.03.04 04:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2004.12.06 14:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2004.12.05 20:57:14 | 000,307,456 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2004.05.26 07:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2004.05.18 06:43:58 | 000,043,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\RITCPT.SYS -- (RITCPT)

DRV - [2004.05.18 06:43:54 | 000,005,088 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)

DRV - [2000.08.23 17:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.08 13:44:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2012.10.03 09:29:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 17:38:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 17:37:41 | 000,000,000 | ---D | M]

 

[2008.06.24 21:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\Mozilla\Extensions

[2012.10.28 17:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\Mozilla\Firefox\Profiles\pdglqcr9.default\extensions

[2011.04.02 18:38:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\Mozilla\Firefox\Profiles\pdglqcr9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.10.28 17:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.28 17:37:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012.10.28 17:38:07 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.05.06 08:50:32 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012.08.31 11:54:38 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.05.06 08:50:32 | 000,000,935 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012.05.06 08:50:32 | 000,001,166 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012.10.12 14:35:02 | 000,002,058 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml

[2012.05.06 08:50:32 | 000,001,121 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\google\chrome\application\22.0.1229.94\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\google\chrome\application\22.0.1229.94\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\google\chrome\application\22.0.1229.94\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AVStation premium] C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe ()

O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()

O4 - HKLM..\Run: [farstone]  File not found

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE (FarStone Tech. Inc.)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Unable to open value key)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Unable to open value key)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Unable to open value key)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8483B3BC-0A31-4FB5-9119-5BB36A538E7D}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.08.30 09:33:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0037f670-0372-11e0-a251-0000f07c5410}\Shell\AutoRun\command - "" = WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.01 11:33:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2012.11.01 10:49:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.11.01 10:33:00 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.10.28 17:37:07 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2012.10.28 16:59:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Yvonne\Desktop\Korea 17. - 27.10.2012

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.02 15:26:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.11.02 14:31:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Yvonne.job

[2012.11.02 10:51:22 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.11.02 10:50:34 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3275158196-1132446903-1280546173-1005.job

[2012.11.02 10:50:33 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Yvonne.job

[2012.11.02 10:50:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.11.02 10:50:31 | 000,001,543 | ---- | M] () -- C:\WINDOWS\System32\Yvonne_KBD.ini

[2012.11.02 10:50:29 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

[2012.11.02 10:50:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.11.02 10:50:11 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.01 11:34:00 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

[2012.11.01 10:49:15 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.10.31 16:29:38 | 000,183,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.10.31 08:27:04 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Yvonne.job

[2012.10.29 18:58:04 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3275158196-1132446903-1280546173-1005.job

[2012.10.29 08:40:59 | 000,452,956 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.10.29 08:40:59 | 000,436,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.10.29 08:40:59 | 000,081,992 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.10.29 08:40:59 | 000,068,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.10.13 17:05:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.10.12 09:11:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.10.09 12:26:39 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.10.09 12:26:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

 
 ========== Files Created - No Company Name ==========

 

[2012.11.01 11:33:59 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk

[2012.10.03 08:31:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Yvonne\defogger_reenable

[2012.02.16 15:13:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.11.16 08:14:02 | 000,041,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011.03.19 11:27:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2010.07.18 19:26:00 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2007.06.08 08:20:36 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2006.08.08 13:45:34 | 000,183,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Yvonne\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2011.04.02 17:24:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2010.11.22 09:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software

[2005.08.30 10:14:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung Electronics

[2006.08.04 11:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL

[2011.04.02 17:55:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011.05.01 18:16:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\Arfo

[2011.04.02 18:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\DVDVideoSoft

[2011.04.02 18:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\DVDVideoSoftIEHelpers

[2012.10.02 15:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\Ivudy

[2005.08.30 10:14:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\Samsung Electronics

[2012.10.02 15:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\TeamViewer

[2012.10.14 09:32:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Yvonne\Anwendungsdaten\WinEdt

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras.txt:

Code:

OTL Extras logfile created on: 02.11.2012 16:15:33 - Run 2

OTL by OldTimer - Version 3.2.70.1     Folder = C:\Dokumente und Einstellungen\Yvonne\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,17 Mb Total Physical Memory | 558,45 Mb Available Physical Memory | 54,63% Memory free

2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,75% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 67,28 Gb Total Space | 10,41 Gb Free Space | 15,48% Space Free | Partition Type: NTFS

 

Computer Name: YVONNE | User Name: Yvonne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Unable to open value key

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Unable to open value key

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)

"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)

"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager

"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video

"{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus

"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A15E5EFD-76D7-4006-B7A5-8FBD86449BCB}" = IEEE 802.11 Wireless Lan Driver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox

"{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver

"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch

"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center

"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0

"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54

"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts

"Agere Systems Soft Modem" = SENS LT56ADW Modem

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"DjVu Solo 3.1" = DjVu Solo 3.1

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"ESD68 Benutzerhandbuch" = ESD68 Benutzerhandbuch

"Free Studio_is1" = Free Studio version 5.0.8

"Google Chrome" = Google Chrome

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme

"InstallShield_{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium

"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus

"InstallShield_{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center

"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0

"InterActual Player" = InterActual Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MiKTeX 2.7" = MiKTeX 2.7

"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"ProInst" = Intel(R) PROSet/Wireless Software

"RealPlayer 15.0" = RealPlayer

"RestoreIT!" = Recover Pro

"Samsung Universal Print Driver" = Samsung Universal Print Driver

"Skype_is1" = Skype 3.1

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.8

"WinDjView" = WinDjView 1.0.1

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinEdt_is1" = WinEdt

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Zattoo" = Zattoo 3.3.4 Beta

"Zattoo4" = Zattoo4 4.0.5

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 
 ========== Last 20 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 31.07.2010 03:43:22 | Computer Name = NAME-86D88D87E2 | Source = avast! | ID = 33554522

Description = 

 

Error - 31.07.2010 03:43:22 | Computer Name = NAME-86D88D87E2 | Source = avast! | ID = 33554522

Description = 

 

[ Application Events ]

Error - 19.02.2012 18:12:21 | Computer Name = NAME-86D88D87E2 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung realplay.exe, Version 15.0.0.198, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 02.05.2012 03:58:00 | Computer Name = NAME-86D88D87E2 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.8328.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 02.05.2012 03:58:01 | Computer Name = NAME-86D88D87E2 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.8328.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 11.05.2012 05:20:32 | Computer Name = NAME-86D88D87E2 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.8328.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.08.2012 09:02:02 | Computer Name = NAME-86D88D87E2 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung vlc.exe, Version 1.1.8.0, Stillstandmodul 

hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 31.08.2012 07:07:32 | Computer Name = YVONNE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 15.0.0.4619, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 01.11.2012 05:33:03 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7034

Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 01.11.2012 05:33:03 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7034

Description = Dienst "Cisco Systems, Inc. VPN Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 01.11.2012 05:33:03 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7034

Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 01.11.2012 05:33:03 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7034

Description = Dienst "SNM WLAN Service" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 01.11.2012 05:33:03 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7034

Description = Dienst "SoundMAX Agent Service" wurde unerwartet beendet. Dies ist

 bereits 1 Mal passiert.

 

Error - 01.11.2012 05:33:08 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7034

Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 

Mal passiert.

 

Error - 01.11.2012 05:44:28 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 01.11.2012 05:44:28 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 02.11.2012 05:50:22 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 02.11.2012 05:50:22 | Computer Name = YVONNE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

 

< End of report >

Zitat:

5.
kann ich nicht zuordnen, um was handelt es sich dabei ?

Code:

[2011.05.01 19:16:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mustermann\Anwendungsdaten\Arfo

[2012.10.02 16:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mustermann\Anwendungsdaten\Ivudy

Die beide Ordner sind schon einige Jahre als, was es ist kann ich nicht sagen, das weiß ich nicht. Ein Ordner ist leer, in dem anderen befindet sich eine eizelne Datei - aber wie gesagt, beide Files sind schon einige Jahre alt.