| pippi-19781 | 10.02.2013 21:30 |
Hallo t´john,
vielen Dank für deine rasche Antwort,
hier der Log von otl Code:
OTL logfile created on: 10.02.2013 21:13:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wätzel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,50% Memory free
4,84 Gb Paging File | 3,84 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 98,59 Gb Total Space | 59,49 Gb Free Space | 60,34% Space Free | Partition Type: NTFS
Drive D: | 50,42 Gb Total Space | 30,65 Gb Free Space | 60,79% Space Free | Partition Type: NTFS
Drive H: | 465,73 Gb Total Space | 152,81 Gb Free Space | 32,81% Space Free | Partition Type: NTFS
Drive J: | 3,74 Gb Total Space | 3,56 Gb Free Space | 95,03% Space Free | Partition Type: FAT32
Computer Name: PIPPI | User Name: Wätzel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Wätzel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\FileZilla FTP Client\filezilla.exe (FileZilla Project)
PRC - C:\Programme\FileZilla FTP Client\fzsftp.exe (FileZilla Project)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - D:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
PRC - C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\NVIDIA Corporation\nview\nvShell.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - D:\xampp\apache\bin\zlib1.dll ()
MOD - C:\Programme\FileZilla FTP Client\mingwm10.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\CSensor.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\Programme\Analog Devices\SoundMAX\spkrmon.exe ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Programme\Spybot File not found
SRV - (SDUpdateService) -- C:\Programme\Spybot File not found
SRV - (SDScannerService) -- C:\Programme\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (mysql) -- D:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- D:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- D:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ASFIPmon) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (spkrmon) -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (Spyder3) -- C:\WINDOWS\system32\drivers\Spyder3.sys ()
DRV - (BASFND) -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\..\SearchScopes,DefaultScope = {08357FF3-5B15-422E-989D-6B7F1E399B45}
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\..\SearchScopes\{08357FF3-5B15-422E-989D-6B7F1E399B45}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=d0bd0570000000000000001111d04f63
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-562591055-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Programme\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Programme\Gemeinsame Dateien\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.05 16:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.09 15:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.11.14 12:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\ThunderbirdPortable08-2012\App\thunderbird\components [2013.01.09 12:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\ThunderbirdPortable08-2012\App\thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.05 16:13:55 | 000,000,000 | ---D | M]
[2012.06.24 10:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wätzel\Anwendungsdaten\Mozilla\Extensions
[2012.06.24 10:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wätzel\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.02.09 15:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1078081533-562591055-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingE1674] C:\Programme\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1078081533-562591055-839522115-1003..\RunOnce: [SpybotDeletingF3620] C:\Programme\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Wätzel\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-562591055-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-562591055-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Wätzel\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFC4C5D-E732-4CB1-BD5C-FBF8790F50A9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Wätzel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Wätzel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.29 18:40:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{176e315b-1cc2-11e1-96a4-001111d04f63}\Shell - "" = AutoRun
O33 - MountPoints2\{176e315b-1cc2-11e1-96a4-001111d04f63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{176e315b-1cc2-11e1-96a4-001111d04f63}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{59619bf3-1c18-11e1-969f-001111d04f63}\Shell - "" = AutoRun
O33 - MountPoints2\{59619bf3-1c18-11e1-969f-001111d04f63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59619bf3-1c18-11e1-969f-001111d04f63}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{59619bf4-1c18-11e1-969f-001111d04f63}\Shell - "" = AutoRun
O33 - MountPoints2\{59619bf4-1c18-11e1-969f-001111d04f63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59619bf4-1c18-11e1-969f-001111d04f63}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b0d6b84f-dd79-11e1-9822-001111d04f63}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d6b84f-dd79-11e1-9822-001111d04f63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0d6b84f-dd79-11e1-9822-001111d04f63}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b0d6b850-dd79-11e1-9822-001111d04f63}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d6b850-dd79-11e1-9822-001111d04f63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0d6b850-dd79-11e1-9822-001111d04f63}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.10 20:58:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wätzel\Desktop\OTL.exe
[2013.02.10 20:46:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Desktop\www
[2013.02.09 18:28:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Anwendungsdaten\Spyware Terminator
[2013.02.09 18:28:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2013.02.09 18:28:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
[2013.02.09 18:27:09 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2013.02.09 12:49:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Lokale Einstellungen\Anwendungsdaten\NPE
[2013.02.09 12:49:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2013.02.09 12:48:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Desktop\Fotolia
[2013.02.09 11:01:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.02.09 10:13:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Anwendungsdaten\Malwarebytes
[2013.02.09 10:11:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.09 10:11:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.09 10:10:57 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.09 10:10:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.08 19:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2013.02.08 19:06:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2013.02.08 19:06:18 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013.02.08 19:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2013.02.08 16:07:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Wätzel\Recent
[2013.02.08 15:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Anwendungsdaten\QuickScan
[2013.02.06 10:40:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.16 15:21:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
[2013.01.14 08:51:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wätzel\Eigene Dateien\Eigene Scans
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Wätzel\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Wätzel\Eigene Dateien\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.10 21:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.10 20:56:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wätzel\Desktop\OTL.exe
[2013.02.10 20:00:12 | 000,020,657 | ---- | M] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\FileZilla.xml
[2013.02.10 19:22:28 | 000,001,319 | ---- | M] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\index.php
[2013.02.10 15:46:27 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.02.10 15:05:08 | 000,000,216 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013.02.09 19:54:49 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013.02.09 18:34:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.09 18:31:27 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2013.02.09 18:31:13 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.09 18:31:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.08 19:07:03 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.08 19:07:03 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.08 16:02:56 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.02.08 13:02:21 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 13:02:21 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.31 10:51:44 | 000,566,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\wurst.jpg
[2013.01.24 14:49:50 | 000,397,876 | ---- | M] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\vv14.jpg
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Wätzel\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Wätzel\Eigene Dateien\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.10 20:00:12 | 000,020,657 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\FileZilla.xml
[2013.02.10 15:46:26 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.02.09 18:28:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2013.02.09 15:21:42 | 000,001,319 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\index.php
[2013.02.08 19:51:25 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013.02.08 19:07:03 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.08 19:07:02 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.08 19:07:01 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.08 19:06:30 | 000,001,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2013.01.31 10:51:43 | 000,566,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\wurst.jpg
[2013.01.24 14:49:50 | 000,397,876 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\Desktop\vv14.jpg
[2013.01.07 10:49:49 | 000,458,716 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\Neues Dokument 1.2013_01_07_10_49_49.0.svg
[2013.01.03 12:34:20 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.01.03 12:34:20 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.01.03 12:34:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.01.03 12:34:17 | 002,807,708 | R--- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.11.27 14:53:02 | 021,250,810 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\dankeskarten.cpr
[2012.09.30 19:59:16 | 000,991,378 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1078081533-562591055-839522115-1003-0.dat
[2012.09.29 19:17:44 | 001,001,558 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.09.05 16:47:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.08.20 21:16:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.08.20 21:10:16 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2012.08.20 21:10:16 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2012.03.23 13:24:08 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2012.03.20 18:18:35 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Wätzel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 09:15:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.01 16:08:33 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat.temp
[2011.12.05 16:05:32 | 000,233,434 | ---- | C] () -- C:\WINDOWS\hpoins47.dat
[2011.12.05 16:05:32 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat
[2011.12.02 08:19:29 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.11.30 12:13:01 | 000,000,488 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2011.11.29 18:42:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.29 18:37:51 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.29 18:30:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.29 18:29:37 | 004,428,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceInstaller.xml
========== ZeroAccess Check ==========
[2011.11.30 13:34:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.09.05 14:55:48 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
hier der asw-Log: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-10 21:54:26
-----------------------------
21:54:26.406 OS Version: Windows 5.1.2600 Service Pack 3
21:54:26.406 Number of processors: 2 586 0x304
21:54:26.406 ComputerName: PIPPI UserName:
21:54:27.671 Initialize success
21:54:48.687 AVAST engine defs: 13021000
21:57:01.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:57:01.593 Disk 0 Vendor: WDC_WD1600JD-75HBB0 08.02D08 Size: 152587MB BusType: 3
21:57:01.593 Disk 0 MBR read successfully
21:57:01.609 Disk 0 MBR scan
21:57:01.640 Disk 0 Windows XP default MBR code
21:57:01.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100955 MB offset 63
21:57:01.687 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51630 MB offset 206756550
21:57:01.750 Disk 0 scanning sectors +312496380
21:57:01.843 Disk 0 scanning C:\WINDOWS\system32\drivers
21:57:25.500 Service scanning
21:57:47.093 Modules scanning
21:58:10.171 Disk 0 trace - called modules:
21:58:10.203 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:58:10.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a203ab8]
21:58:10.234 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a1b7b00]
21:58:11.609 AVAST engine scan C:\WINDOWS
21:58:27.312 AVAST engine scan C:\WINDOWS\system32
22:05:34.484 AVAST engine scan C:\WINDOWS\system32\drivers
22:06:16.515 AVAST engine scan C:\Dokumente und Einstellungen\Wätzel
22:48:07.296 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:49:01.937 Scan finished successfully
22:50:18.500 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Wätzel\Desktop\MBR.dat"
22:50:18.515 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Wätzel\Desktop\aswMBR.txt"
22:50:29.968 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Wätzel\Desktop\MBR.dat"
22:50:29.968 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Wätzel\Desktop\aswMBR2.txt"
|
aswMBR.exe und speichere die Datei auf deinem Desktop.
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
SecurityCheck und:
Hinweis: Registry Cleaner