Trojaner-Board - Gvu /BKA /Interpol –Virus, starten im abgesicherten Modus nicht möglich (Windows XP 32bit)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Gvu /BKA /Interpol –Virus, starten im abgesicherten Modus nicht möglich (Windows XP 32bit) (https://www.trojaner-board.de/160607-gvu-bka-interpol-virus-starten-abgesicherten-modus-moeglich-windows-xp-32bit.html)

Gvu /BKA /Interpol –Virus, starten im abgesicherten Modus nicht möglich (Windows XP 32bit)

Auf den Rechner meines Vater ist seid gestern Abend oben genanntes Problem. Auf meinem Laptop hatte ich vor zwei Jahren auch schonmal mit einem Befall von diesem Typ zu tun. Ein start im Abgesicherten Modus ist auch nicht möglich, da der Rechner dann gleich wieder neu startet.

Ich habe den ersten Schritt aus folgender Anleitung ausgeführt:

http://www.trojaner-board.de/151073-...-xp-32bit.html

Als Abweichung wurde ich gefragt:

Select Windows Install

C:\Windwos [XP]
D:\Windows [XP]

Auch wie im Link oben habe ich nur die otl.txt aber keine Extras.txt.
Habe den scan für Beide Auswahlmöglichkeiten ausgeführt:

Für C:\Windwos [XP]

Code:

OTL logfile created on: 11/11/2014 9:43:44 AM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,015.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free

903.00 Mb Paging File | 845.00 Mb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97.66 Gb Total Space | 70.31 Gb Free Space | 71.99% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 122.10 Gb Free Space | 90.29% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2014/11/10 11:18:00 | 000,258,048 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\E9011BAD.cpp -- (winmgmt)

SRV - [2014/09/24 23:40:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/08/25 04:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2014/08/25 04:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgfws.exe -- (avgfws)

SRV - [2014/08/25 04:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

SRV - [2014/04/14 13:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2014/03/11 03:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2007/08/01 08:36:58 | 000,290,816 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (UIUSys)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | System] --  -- (98f4)

DRV - [2014/08/06 03:49:48 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2014/07/21 14:03:50 | 000,191,256 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys -- (AVGIDSDriverl)

DRV - [2014/06/30 05:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)

DRV - [2014/06/17 09:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2014/06/17 09:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

DRV - [2014/06/17 09:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2014/05/13 07:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2014/05/13 07:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2014/05/13 07:04:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/01/12 12:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2012/01/12 12:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007/06/26 05:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)

DRV - [2006/09/12 12:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2003/07/17 19:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_N.SYS -- (MLPTDR_N)

DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [2000/10/15 11:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\Buero_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Programme\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2012/08/13 11:01:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\Buero_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Buero_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Buero_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285770613933 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 08:53:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/03/14 02:48:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell - "" = AutoRun

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (/sync /restart) -  File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/10 11:18:00 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2014/11/11 02:44:00 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2014/11/11 02:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/11/11 02:35:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/11/11 02:34:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/11 02:33:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/11/10 11:18:00 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[2014/11/10 11:18:00 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

[2014/10/30 06:24:45 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2014/10/28 05:37:41 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2014/10/28 05:37:41 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/10/28 05:37:41 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2014/10/28 05:37:41 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2014/10/22 03:46:53 | 137,377,631 | ---- | M] () -- C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2014/11/10 11:18:00 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

[2014/10/22 03:46:19 | 137,377,631 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip

[2014/01/02 11:04:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2012/02/15 07:09:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2010/11/06 02:24:02 | 000,016,629 | ---- | C] () -- C:\WINDOWS\LxFrame.ini

[2010/11/06 01:58:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/10/01 08:56:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/30 04:18:26 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/29 09:37:45 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/29 09:36:47 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/29 09:26:38 | 000,000,233 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/09/29 09:21:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/09/29 09:19:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/09/29 09:19:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/09/29 08:55:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/29 08:51:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/04 04:37:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll

[2009/11/17 10:11:26 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2009/11/17 10:09:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2009/11/17 10:09:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll

[2009/02/02 14:11:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2008/04/14 07:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2008/04/14 07:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/12/12 05:29:50 | 000,017,127 | ---- | C] () -- C:\WINDOWS\MSTMON_N.INI

[2003/06/30 07:13:24 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_N.INI

[2001/12/12 07:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll

[2001/12/12 07:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll

 
 ========== LOP Check ==========

 

[2013/10/04 01:38:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014

[2013/10/04 01:40:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\AVG2014

[2010/10/21 12:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\Lexware

[2010/10/27 13:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\OpenOffice.org

[2011/05/01 03:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\T-Online

[2012/08/13 10:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\TeamViewer

[2012/12/11 10:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\TuneUp Software

[2012/08/16 01:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AMMYY

[2013/01/23 02:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG January 2013 Campaign

[2013/02/02 02:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2013/10/04 01:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014

[2010/10/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve

[2012/08/15 04:25:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2014/10/15 00:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2014/11/11 02:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010/10/01 08:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2014/11/11 02:34:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

 
 ========== Purity Check ==========

 

 

< End of report >

Für D:\Windows [XP]

Code:

OTL logfile created on: 11/11/2014 9:54:45 AM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,015.00 Mb Total Physical Memory | 697.00 Mb Available Physical Memory | 69.00% Memory free

903.00 Mb Paging File | 708.00 Mb Available in Paging File | 78.00% Paging File free

Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97.66 Gb Total Space | 70.32 Gb Free Space | 72.00% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 122.10 Gb Free Space | 90.29% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand] --  -- (WudfSvc)

SRV - File not found [On_Demand] --  -- (WMPNetworkSvc)

SRV - File not found [Auto] --  -- (UxTuneUp)

SRV - File not found [On_Demand] --  -- (UMWdf)

SRV - File not found [On_Demand] --  -- (TuneUp.Defrag)

SRV - File not found [Auto] --  -- (SLService)

SRV - File not found [Auto] --  -- (RemoteSrv)

SRV - File not found [On_Demand] --  -- (ose)

SRV - File not found [On_Demand] --  -- (odserv)

SRV - File not found [On_Demand] --  -- (Microsoft Office Groove Audit Service)

SRV - File not found [Auto] --  -- (MDM)

SRV - File not found [Auto] --  -- (JavaQuickStarterService)

SRV - File not found [Auto] --  -- (AntiVirWebService)

SRV - File not found [Auto] --  -- (AntiVirService)

SRV - File not found [Auto] --  -- (AntiVirSchedulerService)

SRV - File not found [Auto] --  -- (AntiVirMailService)

SRV - [2008/04/14 07:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WudfRd)

DRV - File not found [Kernel | On_Demand] --  -- (WudfPf)

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (V90drv)

DRV - File not found [Kernel | On_Demand] --  -- (USRpdA)

DRV - File not found [Kernel | On_Demand] --  -- (SymEvent)

DRV - File not found [Kernel | System] --  -- (ssmdrv)

DRV - File not found [Kernel | On_Demand] --  -- (SlWdmSup)

DRV - File not found [Kernel | On_Demand] --  -- (SlNtHal)

DRV - File not found [Kernel | On_Demand] --  -- (Slntamr)

DRV - File not found [Kernel | Boot] --  -- (PxHelp20)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand] --  -- (NtMtlFax)

DRV - File not found [Kernel | On_Demand] --  -- (Mtlstrm)

DRV - File not found [Kernel | On_Demand] --  -- (Mtlmnt5)

DRV - File not found [Kernel | On_Demand] --  -- (MODEMCSA)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand] --  -- (EraserUtilDrv10741)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | System] --  -- (avipbb)

DRV - File not found [File_System | Auto] --  -- (avgntflt)

DRV - File not found [Kernel | System] --  -- (avgio)

DRV - [2006/09/12 12:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2003/07/17 19:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_N.SYS -- (MLPTDR_N)

DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.winfuture.de

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q = %s

IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2014/11/11 09:48:54 | 000,000,000 | ---D | M] (No name found) -- B:\Documents and Settings\Default User\Application Data\Mozilla\Extensions

 

O1 HOSTS File: ([2012/08/13 11:01:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.

O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} -  File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  File not found

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [avgnt]  File not found

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1729136739

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 1

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205481720210 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} -  File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} -  File not found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -  File not found

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2010/09/29 08:53:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/03/14 02:48:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/10 11:18:00 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2014/11/11 02:44:00 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2014/11/11 02:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/11/11 02:35:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/11/11 02:34:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/11 02:33:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/11/10 11:18:00 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

[2014/10/30 06:24:45 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2014/10/28 05:37:41 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2014/10/28 05:37:41 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/10/28 05:37:41 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2014/10/28 05:37:41 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2014/01/02 11:04:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2012/02/15 07:09:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2010/11/06 02:24:02 | 000,016,629 | ---- | C] () -- C:\WINDOWS\LxFrame.ini

[2010/11/06 01:58:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/29 09:37:45 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/29 09:36:47 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/29 09:26:38 | 000,000,233 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/09/29 09:21:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/09/29 09:19:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/09/29 09:19:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/09/29 08:55:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/29 08:51:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/04 04:37:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll

[2009/11/17 10:11:26 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2009/11/17 10:09:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2009/11/17 10:09:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll

[2009/02/02 14:11:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2008/04/14 07:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2008/04/14 07:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/12/12 05:29:50 | 000,017,127 | ---- | C] () -- C:\WINDOWS\MSTMON_N.INI

[2003/06/30 07:13:24 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_N.INI

[2001/12/12 07:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll

[2001/12/12 07:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll

 
 ========== LOP Check ==========

 

[2013/10/04 01:38:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014

[2012/08/16 01:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AMMYY

[2013/01/23 02:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG January 2013 Campaign

[2013/02/02 02:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2013/10/04 01:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014

[2010/10/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve

[2012/08/15 04:25:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2014/10/15 00:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2014/11/11 02:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010/10/01 08:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2014/11/11 02:34:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

 
 ========== Purity Check ==========

 

 

< End of report >

Danke für die Mühe die Ihr mit meinem Problem haben werdet

Hallo Jim87

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Hier findest du die Anleitung für Hilfesuchende
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.

Lesestoff:
Windows XP

Auf deinem Rechner läuft noch Windows XP. Microsoft hat dieses Betriebssystem bereits 2001 veröffentlicht und stellt den Support endgültig ab April 2014 ein, d.h. ab Mai 2014 gibt es keine weiteren Updates mehr und danach gefundene Lücken werden nicht mehr durch Updates/Hotfixes geschlossen werden können.

Mit Windows XP nach April 2014 zu surfen wird damit ein großes Sicherheitsrisiko. Du solltest dir jetzt unbedingt Gedanken machen, möglichst schnell auf ein aktuelleres Betriebssystem umzusteigen.

Mach bitte FRST Log:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Timo

Ich habe Frst in der gebooteten OTLPE Umgebung heruntergeladen und gestartet. Der normale Modus ist nicht moeglich. Auch hier wurde ich gefragt, welches Betreibsystem. Ich wusste bis dahin nicht das auf dem Rechner zweimal Win Xp installiert ist.

Ich habe auch diesmal zwei log files angehaengt. Einmal fuer Laufwerk C und einmal fuer D.

Eine Addition.txt ist bei beiden scans nicht erstellt wurden. Zumindest habe ich diese nicht im selben ordner wie die FRST.txt finden koennen.

C:/

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by SYSTEM on REATOGO on 11-11-2014 12:47:05

Running from B:\Documents and Settings\Default User\Desktop

Platform: Microsoft Windows XP (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery
 

The current controlset is ControlSet002
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LexwareInfoService] => C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [339240 2008-11-03] (Lexware GmbH & Co. KG)

HKLM\...\Run: [MSC] => C:\Programme\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AVG_UI] => C:\Programme\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

BootExecute: autocheck autochk *  /sync /restartC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

AlternateShell: 
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 avgfws; C:\Programme\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Programme\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Programme\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)

S2 MsMpSvc; C:\Programme\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 TDslMgrService; C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe [290816 2007-08-01] (T-Systems Enterprise Services GmbH)

S2 winmgmt; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp [258048 2014-11-10] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSDriverl; C:\Windows\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)

S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)

S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)

S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

S2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-17] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)

S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)

S3 PCANDIS5; C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))

S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

S3 TSMPacket; C:\Windows\System32\DRIVERS\tsmpkt.sys [13824 2007-06-26] (T-Systems)

S1 98f4; \??\C:\WINDOWS\system32\drivers\98f4.sys [X]

S4 IntelIde; No ImagePath

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 12:39 - 2014-11-11 12:40 - 00000000 ____D () C:\FRST

2014-11-11 09:45 - 2014-11-11 09:55 - 00039570 _____ () C:\OTL.Txt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 02:57 - 2010-09-29 08:52 - 02083499 _____ () C:\Windows\WindowsUpdate.log

2014-11-11 02:35 - 2008-04-14 07:00 - 00013646 _____ () C:\Windows\System32\wpa.dbl

2014-11-11 01:12 - 2010-09-29 08:56 - 00032564 _____ () C:\Windows\SchedLgU.Txt

2014-10-30 06:24 - 2010-09-29 12:41 - 00229000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2014-10-28 05:37 - 2010-09-29 09:37 - 01071796 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-10-22 03:35 - 2014-01-17 02:36 - 00126428 _____ () C:\Windows\setupapi.log

2014-10-17 00:30 - 2014-01-16 08:08 - 00000000 ____D () C:\Windows\System32\MRT

2014-10-17 00:28 - 2010-09-29 11:51 - 100290944 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e     
 

C:\Windows\System32\winlogon.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a     
 

C:\Windows\System32\svchost.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366     
 

C:\Windows\System32\services.exe

[2008-04-14 07:00] - [2009-02-09 06:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc     
 

C:\Windows\System32\User32.dll

[2008-04-14 07:00] - [2008-04-14 07:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd     
 

C:\Windows\System32\userinit.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106     
 

C:\Windows\System32\rpcss.dll

[2008-04-14 07:00] - [2009-02-09 05:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b     
 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys

[2008-04-14 07:00] - [2008-04-14 07:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d     
 
 

==================== Restore Points (XP) =====================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 33%

Total physical RAM: 1015.23 MB

Available physical RAM: 671.36 MB

Total Pagefile: 902.79 MB

Available Pagefile: 684.38 MB

Total Virtual: 2047.88 MB

Available Virtual: 2000.68 MB
 

==================== Drives ================================
 

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.01 GB) NTFS

Drive c: () (Fixed) (Total:97.66 GB) (Free:70.27 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Fixed) (Total:135.22 GB) (Free:122.1 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================

--- --- ---

D:/

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by SYSTEM on REATOGO on 11-11-2014 12:52:53

Running from B:\Documents and Settings\Default User\Desktop

Platform: Microsoft Windows XP (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery
 

The current controlset is ControlSet002
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LexwareInfoService] => C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [339240 2008-11-03] (Lexware GmbH & Co. KG)

HKLM\...\Run: [MSC] => C:\Programme\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AVG_UI] => C:\Programme\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

BootExecute: autocheck autochk *  /sync /restartC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

AlternateShell: 
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 avgfws; C:\Programme\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Programme\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Programme\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)

S2 MsMpSvc; C:\Programme\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 TDslMgrService; C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe [290816 2007-08-01] (T-Systems Enterprise Services GmbH)

S2 winmgmt; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp [258048 2014-11-10] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSDriverl; C:\Windows\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)

S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)

S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)

S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

S2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-17] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)

S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)

S3 PCANDIS5; C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))

S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

S3 TSMPacket; C:\Windows\System32\DRIVERS\tsmpkt.sys [13824 2007-06-26] (T-Systems)

S1 98f4; \??\C:\WINDOWS\system32\drivers\98f4.sys [X]

S4 IntelIde; No ImagePath

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 12:39 - 2014-11-11 12:47 - 00000000 ____D () C:\FRST

2014-11-11 09:45 - 2014-11-11 09:55 - 00039570 _____ () C:\OTL.Txt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 02:57 - 2010-09-29 08:52 - 02083499 _____ () C:\Windows\WindowsUpdate.log

2014-11-11 02:35 - 2008-04-14 07:00 - 00013646 _____ () C:\Windows\System32\wpa.dbl

2014-11-11 01:12 - 2010-09-29 08:56 - 00032564 _____ () C:\Windows\SchedLgU.Txt

2014-10-30 06:24 - 2010-09-29 12:41 - 00229000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2014-10-28 05:37 - 2010-09-29 09:37 - 01071796 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-10-22 03:35 - 2014-01-17 02:36 - 00126428 _____ () C:\Windows\setupapi.log

2014-10-17 00:30 - 2014-01-16 08:08 - 00000000 ____D () C:\Windows\System32\MRT

2014-10-17 00:28 - 2010-09-29 11:51 - 100290944 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e     
 

C:\Windows\System32\winlogon.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a     
 

C:\Windows\System32\svchost.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366     
 

C:\Windows\System32\services.exe

[2008-04-14 07:00] - [2009-02-09 06:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc     
 

C:\Windows\System32\User32.dll

[2008-04-14 07:00] - [2008-04-14 07:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd     
 

C:\Windows\System32\userinit.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106     
 

C:\Windows\System32\rpcss.dll

[2008-04-14 07:00] - [2009-02-09 05:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b     
 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys

[2008-04-14 07:00] - [2008-04-14 07:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d     
 
 

==================== Restore Points (XP) =====================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 35%

Total physical RAM: 1015.23 MB

Available physical RAM: 653.88 MB

Total Pagefile: 902.79 MB

Available Pagefile: 661.49 MB

Total Virtual: 2047.88 MB

Available Virtual: 2000.68 MB
 

==================== Drives ================================
 

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.01 GB) NTFS

Drive c: () (Fixed) (Total:97.66 GB) (Free:70.27 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Fixed) (Total:135.22 GB) (Free:122.1 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Drive y: () (Fixed) (Total:97.66 GB) (Free:70.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S2 winmgmt; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp [258048 2014-11-10] (Microsoft Corporation)

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Danach sollte der Rechner wieder normal starten.

Mach dann bitte im gestarteten XP ein neuen FRST Scan.

Haken setzen bei addition.txt (falls nicht vorhanden) dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Habe fix zweimal ausgeführt einmal für C und einem für D. Beim start in normalen Modus trat das Ausgangsproblem leider wieder auf. Gvu /BKA /Interpol Fenster erschien wieder.

Hier die Beiden Log files:

C:\

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014

Ran by SYSTEM at 2014-11-11 13:26:18 Run:1

Running from B:\Documents and Settings\Default User\Desktop

Boot Mode: Recovery
 

==============================================
 

Content of fixlist:

*****************

S2 winmgmt; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp [258048 2014-11-10] (Microsoft Corporation)

         

*****************
 

winmgmt => Service restored successfully.
 

==== End of Fixlog ====

D:\

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014

Ran by SYSTEM at 2014-11-11 13:30:50 Run:2

Running from B:\Documents and Settings\Default User\Desktop

Boot Mode: Recovery
 

==============================================
 

Content of fixlist:

*****************

S2 winmgmt; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp [258048 2014-11-10] (Microsoft Corporation)
 

*****************
 

winmgmt => Service restored successfully.
 

==== End of Fixlog ====

Was soll ich als nächstest tun?

Hmm, hab ich wohl was übersehen.

Machst du mir nochmal Logs ?

Gern OTL + FRST wenn es kein Aufwand darstellt.

Also auf ein Neues

OTL
fuer C

Code:

OTL logfile created on: 11/11/2014 2:15:54 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,015.00 Mb Total Physical Memory | 806.00 Mb Available Physical Memory | 79.00% Memory free

903.00 Mb Paging File | 843.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97.66 Gb Total Space | 70.27 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 122.10 Gb Free Space | 90.29% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2014/09/24 23:40:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/08/25 04:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2014/08/25 04:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgfws.exe -- (avgfws)

SRV - [2014/08/25 04:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

SRV - [2014/04/14 13:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2014/03/11 03:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2007/08/01 08:36:58 | 000,290,816 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (UIUSys)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | System] --  -- (98f4)

DRV - [2014/08/06 03:49:48 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2014/07/21 14:03:50 | 000,191,256 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys -- (AVGIDSDriverl)

DRV - [2014/06/30 05:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)

DRV - [2014/06/17 09:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2014/06/17 09:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

DRV - [2014/06/17 09:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2014/05/13 07:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2014/05/13 07:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2014/05/13 07:04:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/01/12 12:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2012/01/12 12:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007/06/26 05:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)

DRV - [2006/09/12 12:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2003/07/17 19:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_N.SYS -- (MLPTDR_N)

DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [2000/10/15 11:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\Buero_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Programme\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2012/08/13 11:01:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\Buero_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Buero_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Buero_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285770613933 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 08:53:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/03/14 02:48:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell - "" = AutoRun

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (/sync /restart) -  File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/11 12:39:45 | 000,000,000 | ---D | C] -- C:\FRST

[2014/11/10 11:18:00 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2014/11/11 07:35:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/11/11 07:34:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/11/11 07:34:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/11 02:44:00 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2014/11/11 02:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/11/10 11:18:00 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[2014/11/10 11:18:00 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

[2014/10/30 06:24:45 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2014/10/28 05:37:41 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2014/10/28 05:37:41 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/10/28 05:37:41 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2014/10/28 05:37:41 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2014/10/22 03:46:53 | 137,377,631 | ---- | M] () -- C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2014/11/10 11:18:00 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

[2014/10/22 03:46:19 | 137,377,631 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip

[2014/01/02 11:04:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2012/02/15 07:09:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2010/11/06 02:24:02 | 000,016,629 | ---- | C] () -- C:\WINDOWS\LxFrame.ini

[2010/11/06 01:58:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/10/01 08:56:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/30 04:18:26 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/29 09:37:45 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/29 09:36:47 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/29 09:26:38 | 000,000,233 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/09/29 09:21:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/09/29 09:19:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/09/29 09:19:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/09/29 08:55:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/29 08:51:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/04 04:37:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll

[2009/11/17 10:11:26 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2009/11/17 10:09:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2009/11/17 10:09:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll

[2009/02/02 14:11:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2008/04/14 07:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2008/04/14 07:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/12/12 05:29:50 | 000,017,127 | ---- | C] () -- C:\WINDOWS\MSTMON_N.INI

[2003/06/30 07:13:24 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_N.INI

[2001/12/12 07:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll

[2001/12/12 07:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll

 
 ========== LOP Check ==========

 

[2013/10/04 01:38:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014

[2013/10/04 01:40:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\AVG2014

[2010/10/21 12:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\Lexware

[2010/10/27 13:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\OpenOffice.org

[2011/05/01 03:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\T-Online

[2012/08/13 10:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\TeamViewer

[2012/12/11 10:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\TuneUp Software

[2012/08/16 01:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AMMYY

[2013/01/23 02:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG January 2013 Campaign

[2013/02/02 02:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2013/10/04 01:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014

[2010/10/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve

[2012/08/15 04:25:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2014/10/15 00:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2014/11/11 02:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010/10/01 08:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2014/11/11 07:34:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

 
 ========== Purity Check ==========

 

 

< End of report >

fuer D

Code:

OTL logfile created on: 11/11/2014 2:19:23 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,015.00 Mb Total Physical Memory | 688.00 Mb Available Physical Memory | 68.00% Memory free

903.00 Mb Paging File | 697.00 Mb Available in Paging File | 77.00% Paging File free

Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97.66 Gb Total Space | 70.28 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 122.10 Gb Free Space | 90.29% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand] --  -- (WudfSvc)

SRV - File not found [On_Demand] --  -- (WMPNetworkSvc)

SRV - File not found [Auto] --  -- (UxTuneUp)

SRV - File not found [On_Demand] --  -- (UMWdf)

SRV - File not found [On_Demand] --  -- (TuneUp.Defrag)

SRV - File not found [Auto] --  -- (SLService)

SRV - File not found [Auto] --  -- (RemoteSrv)

SRV - File not found [On_Demand] --  -- (ose)

SRV - File not found [On_Demand] --  -- (odserv)

SRV - File not found [On_Demand] --  -- (Microsoft Office Groove Audit Service)

SRV - File not found [Auto] --  -- (MDM)

SRV - File not found [Auto] --  -- (JavaQuickStarterService)

SRV - File not found [Auto] --  -- (AntiVirWebService)

SRV - File not found [Auto] --  -- (AntiVirService)

SRV - File not found [Auto] --  -- (AntiVirSchedulerService)

SRV - File not found [Auto] --  -- (AntiVirMailService)

SRV - [2008/04/14 07:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WudfRd)

DRV - File not found [Kernel | On_Demand] --  -- (WudfPf)

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (V90drv)

DRV - File not found [Kernel | On_Demand] --  -- (USRpdA)

DRV - File not found [Kernel | On_Demand] --  -- (SymEvent)

DRV - File not found [Kernel | System] --  -- (ssmdrv)

DRV - File not found [Kernel | On_Demand] --  -- (SlWdmSup)

DRV - File not found [Kernel | On_Demand] --  -- (SlNtHal)

DRV - File not found [Kernel | On_Demand] --  -- (Slntamr)

DRV - File not found [Kernel | Boot] --  -- (PxHelp20)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand] --  -- (NtMtlFax)

DRV - File not found [Kernel | On_Demand] --  -- (Mtlstrm)

DRV - File not found [Kernel | On_Demand] --  -- (Mtlmnt5)

DRV - File not found [Kernel | On_Demand] --  -- (MODEMCSA)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand] --  -- (EraserUtilDrv10741)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | System] --  -- (avipbb)

DRV - File not found [File_System | Auto] --  -- (avgntflt)

DRV - File not found [Kernel | System] --  -- (avgio)

DRV - [2006/09/12 12:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2003/07/17 19:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_N.SYS -- (MLPTDR_N)

DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.winfuture.de

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q = %s

IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2014/11/11 14:16:27 | 000,000,000 | ---D | M] (No name found) -- B:\Documents and Settings\Default User\Application Data\Mozilla\Extensions

 

O1 HOSTS File: ([2012/08/13 11:01:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.

O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} -  File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  File not found

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [avgnt]  File not found

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1729136739

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 1

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205481720210 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} -  File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} -  File not found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -  File not found

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2010/09/29 08:53:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/03/14 02:48:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/11 12:39:45 | 000,000,000 | ---D | C] -- C:\FRST

[2014/11/10 11:18:00 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2014/11/11 07:35:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/11/11 07:34:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/11/11 07:34:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/11 02:44:00 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2014/11/11 02:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/11/10 11:18:00 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

[2014/10/30 06:24:45 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2014/10/28 05:37:41 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2014/10/28 05:37:41 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/10/28 05:37:41 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2014/10/28 05:37:41 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2014/01/02 11:04:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2012/02/15 07:09:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2010/11/06 02:24:02 | 000,016,629 | ---- | C] () -- C:\WINDOWS\LxFrame.ini

[2010/11/06 01:58:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/29 09:37:45 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/29 09:36:47 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/29 09:26:38 | 000,000,233 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/09/29 09:21:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/09/29 09:19:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/09/29 09:19:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/09/29 08:55:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/29 08:51:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/04 04:37:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll

[2009/11/17 10:11:26 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2009/11/17 10:09:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2009/11/17 10:09:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll

[2009/02/02 14:11:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2008/04/14 07:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2008/04/14 07:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/12/12 05:29:50 | 000,017,127 | ---- | C] () -- C:\WINDOWS\MSTMON_N.INI

[2003/06/30 07:13:24 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_N.INI

[2001/12/12 07:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll

[2001/12/12 07:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll

 
 ========== LOP Check ==========

 

[2013/10/04 01:38:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014

[2012/08/16 01:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AMMYY

[2013/01/23 02:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG January 2013 Campaign

[2013/02/02 02:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2013/10/04 01:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014

[2010/10/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve

[2012/08/15 04:25:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2014/10/15 00:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2014/11/11 02:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010/10/01 08:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2014/11/11 07:34:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

 
 ========== Purity Check ==========

 

 

< End of report >

FRST

fuer C

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by SYSTEM on REATOGO on 11-11-2014 14:21:45

Running from B:\Documents and Settings\Default User\Desktop

Platform: Microsoft Windows XP (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery
 

The current controlset is ControlSet002
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LexwareInfoService] => C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [339240 2008-11-03] (Lexware GmbH & Co. KG)

HKLM\...\Run: [MSC] => C:\Programme\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AVG_UI] => C:\Programme\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

BootExecute: autocheck autochk *  /sync /restartC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

AlternateShell: 
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 avgfws; C:\Programme\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Programme\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Programme\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)

S2 MsMpSvc; C:\Programme\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 TDslMgrService; C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe [290816 2007-08-01] (T-Systems Enterprise Services GmbH)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSDriverl; C:\Windows\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)

S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)

S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)

S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

S2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-17] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)

S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)

S3 PCANDIS5; C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))

S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

S3 TSMPacket; C:\Windows\System32\DRIVERS\tsmpkt.sys [13824 2007-06-26] (T-Systems)

S1 98f4; \??\C:\WINDOWS\system32\drivers\98f4.sys [X]

S4 IntelIde; No ImagePath

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 12:39 - 2014-11-11 13:30 - 00000000 ____D () C:\FRST

2014-11-11 09:45 - 2014-11-11 14:20 - 00039688 _____ () C:\OTL.Txt
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 07:35 - 2010-09-29 08:56 - 00032564 _____ () C:\Windows\SchedLgU.Txt

2014-11-11 07:35 - 2010-09-29 08:52 - 02096378 _____ () C:\Windows\WindowsUpdate.log

2014-11-11 07:34 - 2008-04-14 07:00 - 00013646 _____ () C:\Windows\System32\wpa.dbl

2014-10-30 06:24 - 2010-09-29 12:41 - 00229000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2014-10-28 05:37 - 2010-09-29 09:37 - 01071796 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-10-22 03:35 - 2014-01-17 02:36 - 00126428 _____ () C:\Windows\setupapi.log

2014-10-17 00:30 - 2014-01-16 08:08 - 00000000 ____D () C:\Windows\System32\MRT

2014-10-17 00:28 - 2010-09-29 11:51 - 100290944 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e     
 

C:\Windows\System32\winlogon.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a     
 

C:\Windows\System32\svchost.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366     
 

C:\Windows\System32\services.exe

[2008-04-14 07:00] - [2009-02-09 06:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc     
 

C:\Windows\System32\User32.dll

[2008-04-14 07:00] - [2008-04-14 07:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd     
 

C:\Windows\System32\userinit.exe

[2008-04-14 07:00] - [2008-04-14 07:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106     
 

C:\Windows\System32\rpcss.dll

[2008-04-14 07:00] - [2009-02-09 05:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b     
 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys

[2008-04-14 07:00] - [2008-04-14 07:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d     
 
 

==================== Restore Points (XP) =====================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 33%

Total physical RAM: 1015.23 MB

Available physical RAM: 675.05 MB

Total Pagefile: 902.79 MB

Available Pagefile: 686.41 MB

Total Virtual: 2047.88 MB

Available Virtual: 2000.68 MB
 

==================== Drives ================================
 

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.01 GB) NTFS

Drive c: () (Fixed) (Total:97.66 GB) (Free:70.28 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Fixed) (Total:135.22 GB) (Free:122.1 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================

--- --- ---

fuer D

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by SYSTEM on REATOGO on 11-11-2014 14:23:19

Running from B:\Documents and Settings\Default User\Desktop

Platform: Microsoft Windows XP (X86) OS Language: English (United States)

Internet Explorer Version 6

Boot Mode: Recovery
 

The current controlset is ControlSet003
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [SkyTel] => C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)

HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [282792 2010-03-02] (Avira GmbH)

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [86016 2006-07-21] (Realtek Semiconductor Corp.)

HKLM\...\Run: [AlcWzrd] => C:\Windows\ALCWZRD.EXE [2808832 2006-05-04] (RealTek Semicoductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SRFirstRun] => rundll32 srclient.dll,CreateFirstRunRp

HKLM\...\Policies\Explorer: [NoSharedDocuments] 1

HKLM\...\Policies\Explorer: [NoAutoTrayNotify] 1

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 1
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AntiVirMailService; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [337064 2010-03-30] (Avira GmbH)

S2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [135336 2010-02-24] (Avira GmbH)

S2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [267432 2010-04-01] (Avira GmbH)

S2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [405672 2010-04-01] (Avira GmbH)

S2 JavaQuickStarterService; C:\Programme\Java\jre6\bin\jqs.exe [153376 2010-07-26] (Sun Microsystems, Inc.)

S2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation)

S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)

S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)

S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)

S2 SLService; C:\Windows\system32\slserv.exe [45056 2001-11-29] ( )

S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-14] (TuneUp Software GmbH)

S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

S2 RemoteSrv; C:\WINDOWS\system32\vhwjti.dll [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S1 avgio; C:\Programme\Avira\AntiVir Desktop\avgio.sys [11608 2009-05-11] (Avira GmbH)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH)

S1 Changer; C:\Windows\System32\Drivers\Changer.sys [8192 2008-04-14] (Microsoft Corporation)

S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

S2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-18] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [172708 2001-11-29] ()

S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [2383460 2001-11-29] ()

S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [607732 2001-11-29] ()

S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [220432 2002-01-29] ( )

S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [175160 2001-11-29] ( )

S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [33028 2001-11-29] (Vireo Software)

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

S3 SymEvent; C:\Programme\Symantec\SYMEVENT.SYS [123200 2005-04-01] (Symantec Corporation)

S3 USRpdA; C:\Windows\System32\DRIVERS\USRpdA.sys [113762 2001-08-17] (U.S. Robotics Corporation)

S3 V90drv; C:\Windows\System32\DRIVERS\v90drv.sys [1432836 2001-11-29] ( )

S3 EraserUtilDrv10741; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [X]

S4 IntelIde; No ImagePath

S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 14:23 - 2014-11-11 14:23 - 00000000 ____D () C:\FRST
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe

[2010-09-30 04:56] - [2008-04-14 07:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e     
 

C:\Windows\System32\winlogon.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a     
 

C:\Windows\System32\svchost.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366     
 

C:\Windows\System32\services.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0109056 ____A (Microsoft Corporation) 4bb6a83640f1d1792ad21ce767b621c6     
 

C:\Windows\System32\User32.dll

[2010-09-30 04:59] - [2008-04-14 07:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd     
 

C:\Windows\System32\userinit.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106     
 

C:\Windows\System32\rpcss.dll

[2010-09-30 04:59] - [2008-04-14 07:00] - 0399360 ____A (Microsoft Corporation) e970c2296916bf4a2f958680016fe312     
 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys

[2010-09-30 05:01] - [2008-04-14 07:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d     
 
 

==================== Restore Points (XP) =====================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 30%

Total physical RAM: 1015.23 MB

Available physical RAM: 706.75 MB

Total Pagefile: 902.79 MB

Available Pagefile: 708.71 MB

Total Virtual: 2047.88 MB

Available Virtual: 2000.68 MB
 

==================== Drives ================================
 

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.01 GB) NTFS

Drive c: () (Fixed) (Total:135.22 GB) (Free:122.06 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Drive y: () (Fixed) (Total:97.66 GB) (Free:70.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================

--- --- ---

wenn ich bei der Betriebssystemauswahl zweimal nein gewaehlt habe

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by SYSTEM on REATOGO on 11-11-2014 14:24:38

Running from B:\Documents and Settings\Default User\Desktop

Platform: Microsoft Windows XP (X86) OS Language: English (United States)

Internet Explorer Version 6

Boot Mode: Recovery
 

The current controlset is ControlSet003
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [SkyTel] => C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)

HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [282792 2010-03-02] (Avira GmbH)

HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [86016 2006-07-21] (Realtek Semiconductor Corp.)

HKLM\...\Run: [AlcWzrd] => C:\Windows\ALCWZRD.EXE [2808832 2006-05-04] (RealTek Semicoductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SRFirstRun] => rundll32 srclient.dll,CreateFirstRunRp

HKLM\...\Policies\Explorer: [NoSharedDocuments] 1

HKLM\...\Policies\Explorer: [NoAutoTrayNotify] 1

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 1
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AntiVirMailService; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [337064 2010-03-30] (Avira GmbH)

S2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [135336 2010-02-24] (Avira GmbH)

S2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [267432 2010-04-01] (Avira GmbH)

S2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [405672 2010-04-01] (Avira GmbH)

S2 JavaQuickStarterService; C:\Programme\Java\jre6\bin\jqs.exe [153376 2010-07-26] (Sun Microsystems, Inc.)

S2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation)

S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)

S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)

S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)

S2 SLService; C:\Windows\system32\slserv.exe [45056 2001-11-29] ( )

S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-14] (TuneUp Software GmbH)

S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

S2 RemoteSrv; C:\WINDOWS\system32\vhwjti.dll [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S1 avgio; C:\Programme\Avira\AntiVir Desktop\avgio.sys [11608 2009-05-11] (Avira GmbH)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH)

S1 Changer; C:\Windows\System32\Drivers\Changer.sys [8192 2008-04-14] (Microsoft Corporation)

S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

S2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-18] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [172708 2001-11-29] ()

S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [2383460 2001-11-29] ()

S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [607732 2001-11-29] ()

S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [220432 2002-01-29] ( )

S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [175160 2001-11-29] ( )

S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [33028 2001-11-29] (Vireo Software)

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

S3 SymEvent; C:\Programme\Symantec\SYMEVENT.SYS [123200 2005-04-01] (Symantec Corporation)

S3 USRpdA; C:\Windows\System32\DRIVERS\USRpdA.sys [113762 2001-08-17] (U.S. Robotics Corporation)

S3 V90drv; C:\Windows\System32\DRIVERS\v90drv.sys [1432836 2001-11-29] ( )

S3 EraserUtilDrv10741; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [X]

S4 IntelIde; No ImagePath

S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 14:23 - 2014-11-11 14:24 - 00000000 ____D () C:\FRST
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe

[2010-09-30 04:56] - [2008-04-14 07:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e     
 

C:\Windows\System32\winlogon.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a     
 

C:\Windows\System32\svchost.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366     
 

C:\Windows\System32\services.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0109056 ____A (Microsoft Corporation) 4bb6a83640f1d1792ad21ce767b621c6     
 

C:\Windows\System32\User32.dll

[2010-09-30 04:59] - [2008-04-14 07:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd     
 

C:\Windows\System32\userinit.exe

[2010-09-30 04:59] - [2008-04-14 07:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106     
 

C:\Windows\System32\rpcss.dll

[2010-09-30 04:59] - [2008-04-14 07:00] - 0399360 ____A (Microsoft Corporation) e970c2296916bf4a2f958680016fe312     
 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys

[2010-09-30 05:01] - [2008-04-14 07:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d     
 
 

==================== Restore Points (XP) =====================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 30%

Total physical RAM: 1015.23 MB

Available physical RAM: 706.5 MB

Total Pagefile: 902.79 MB

Available Pagefile: 708.44 MB

Total Virtual: 2047.88 MB

Available Virtual: 2000.68 MB
 

==================== Drives ================================
 

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.01 GB) NTFS

Drive c: () (Fixed) (Total:135.22 GB) (Free:122.06 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Drive y: () (Fixed) (Total:97.66 GB) (Free:70.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================

--- --- ---

Ich hoffe du findest etwas. Danke Dir

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

cmd: type C:\WINDOWS\wininit.ini

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Hier das Log file

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014

Ran by SYSTEM at 2014-11-11 16:08:54 Run:1

Running from B:\Documents and Settings\Default User\Desktop

Boot Mode: Recovery
 

==============================================
 

Content of fixlist:

*****************

cmd: type C:\WINDOWS\wininit.ini

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp
 

*****************
 
 

=========  type C:\WINDOWS\wininit.ini =========
 

The system cannot find the file specified.
 

========= End of CMD: =========
 

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp" => File/Directory not found.
 

==== End of Fixlog ====

Komisch, beide Dateien sind im Log gelistet aber scheinbar nicht da.

Hat sich irgendwas geändert ?
Du warst weiterhin im OTLPE System ?

Ich bin und war im OTLPE System. Ich habe es seid den letzten erstellten Logfiles nicht verändert. (einfach laufen gelassen, nicht mal neu gestartet).

Nochmal Logfiles erstellen?

Verstehe nicht, wieso im Log die Dateien waren aber der Fix nichts gefunden hat.

Das ist jetzt nicht so professionell, aber kannst du im OTLPE unter "My Computer" schauen, ob du dort manuell die Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E9011BAD.cpp finden kannst ?

Falls ja, versuch mal zu löschen.

Habe die Datei unter dem Pfad geloescht.

Vielleicht liess sich die Datei deshalb nicht loeschen, weil im uebergeordneten Ordner (C:\Dokumente und Einstellungen\All Users) der Ordner Anwendungsdaten als Application Data bezeichnet wird.

Danach habe ich OTL nochmal laufen lassen.

Code:

OTL logfile created on: 11/11/2014 5:18:44 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,015.00 Mb Total Physical Memory | 717.00 Mb Available Physical Memory | 71.00% Memory free

903.00 Mb Paging File | 737.00 Mb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97.66 Gb Total Space | 70.27 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 122.06 Gb Free Space | 90.27% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2014/09/24 23:40:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/08/25 04:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2014/08/25 04:41:34 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgfws.exe -- (avgfws)

SRV - [2014/08/25 04:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

SRV - [2014/04/14 13:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2014/03/11 03:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2007/08/01 08:36:58 | 000,290,816 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (UIUSys)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | System] --  -- (98f4)

DRV - [2014/08/06 03:49:48 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2014/07/21 14:03:50 | 000,191,256 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys -- (AVGIDSDriverl)

DRV - [2014/06/30 05:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)

DRV - [2014/06/17 09:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2014/06/17 09:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

DRV - [2014/06/17 09:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2014/05/13 07:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2014/05/13 07:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2014/05/13 07:04:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/01/12 12:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2012/01/12 12:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007/06/26 05:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)

DRV - [2006/09/12 12:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2003/07/17 19:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] -- C:\WINDOWS\system32\MLPTDR_N.SYS -- (MLPTDR_N)

DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [2000/10/15 11:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\Buero_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\Buero_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Programme\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2012/08/13 11:01:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\Buero_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Buero_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Buero_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285770613933 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 08:53:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/03/14 02:48:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell - "" = AutoRun

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1f512880-3a51-11e1-aae7-001966581b36}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (/sync /restart) -  File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/11 12:39:45 | 000,000,000 | ---D | C] -- C:\FRST

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2014/11/11 11:01:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/11/11 11:01:02 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/11 11:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/11/11 02:44:00 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2014/11/11 02:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/11/10 11:18:00 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

[2014/10/30 06:24:45 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2014/10/28 05:37:41 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2014/10/28 05:37:41 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/10/28 05:37:41 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2014/10/28 05:37:41 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2014/10/22 03:46:53 | 137,377,631 | ---- | M] () -- C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2014/11/10 11:18:00 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

[2014/10/22 03:46:19 | 137,377,631 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip

[2014/01/02 11:04:59 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2012/02/15 07:09:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2010/11/06 02:24:02 | 000,016,629 | ---- | C] () -- C:\WINDOWS\LxFrame.ini

[2010/11/06 01:58:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/10/01 08:56:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/30 04:18:26 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/29 09:37:45 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/29 09:36:47 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/29 09:26:38 | 000,000,233 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/09/29 09:21:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/09/29 09:19:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010/09/29 09:19:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/09/29 08:55:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/29 08:51:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/04 04:37:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll

[2009/11/17 10:11:26 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2009/11/17 10:09:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2009/11/17 10:09:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll

[2009/02/02 14:11:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2008/04/14 07:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2008/04/14 07:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/12/12 05:29:50 | 000,017,127 | ---- | C] () -- C:\WINDOWS\MSTMON_N.INI

[2003/06/30 07:13:24 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_N.INI

[2001/12/12 07:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll

[2001/12/12 07:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll

 
 ========== LOP Check ==========

 

[2013/10/04 01:38:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2014

[2013/10/04 01:40:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\AVG2014

[2010/10/21 12:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\Lexware

[2010/10/27 13:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\OpenOffice.org

[2011/05/01 03:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\T-Online

[2012/08/13 10:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\TeamViewer

[2012/12/11 10:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Buero\Anwendungsdaten\TuneUp Software

[2012/08/16 01:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AMMYY

[2013/01/23 02:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG January 2013 Campaign

[2013/02/02 02:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2013/10/04 01:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014

[2010/10/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve

[2012/08/15 04:25:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2014/10/15 00:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware

[2014/11/11 02:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010/10/01 08:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2014/11/11 11:01:02 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

[2014/11/08 12:36:41 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

 
 ========== Purity Check ==========

 

 

< End of report >

Werde den Rechner jetzt Neustarten und schauen ob sich was getan hat.

Sehr gut. :singsing:

Rechner ließ sich wieder im normalen Modus starten ohne das dieses Fenster erschien.

Es erschien ein Fenster (Name: RUNDLL)

Fehler beim Laden von C:\Dokume~\alluse~1\anwend~1\E9011BAD.cpp

Das angegebene Modul wurde nicht gefunden

Soll ich dieses Fenster mit ok bestätigen?

Ich vermute das jetzt wieder FRST.exe heruntergeladen werden soll?

First.txt im normalen Modus

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by Buero (administrator) on BUERO-90A3578F1 on 11-11-2014 17:35:01

Running from C:\Dokumente und Einstellungen\Buero\Desktop

Loaded Profile: Buero (Available profiles: Buero)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgcsrvx.exe

(Microsoft Corporation) C:\Programme\Microsoft Security Client\MsMpEng.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe

(Microsoft Corporation) C:\Programme\Microsoft Security Client\msseces.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgui.exe

(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgwdsvc.exe

(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgcsrvx.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Programme\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LexwareInfoService] => C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [339240 2008-11-03] (Lexware GmbH & Co. KG)

HKLM\...\Run: [MSC] => C:\Programme\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AVG_UI] => C:\Programme\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-21-682003330-1482476501-1417001333-1003\...\MountPoints2: {1f512880-3a51-11e1-aae7-001966581b36} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

Startup: C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

ShortcutTarget: program.lnk -> C:\DOKUME~1\ALLUSE~1\ANWEND~1\E9011BAD.cpp (No File)

Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

BootExecute: autocheck autochk *  /sync /restartC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

AlternateShell: 
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285770613933

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-06]
 

Chrome: 

=======
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgfws; C:\Programme\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Programme\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Programme\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)

R2 MsMpSvc; C:\Programme\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 TDslMgrService; C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe [290816 2007-08-01] (T-Systems Enterprise Services GmbH) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)

R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

R2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-18] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)

S3 PCANDIS5; C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R3 TSMPacket; C:\WINDOWS\System32\DRIVERS\tsmpkt.sys [13824 2007-06-26] (T-Systems) [File not signed]

S1 98f4; \??\C:\WINDOWS\system32\drivers\98f4.sys [X]

S4 IntelIde; No ImagePath

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 18:39 - 2014-11-11 17:35 - 00000000 ____D () C:\FRST

2014-11-11 17:35 - 2014-11-11 17:35 - 00010868 _____ () C:\Dokumente und Einstellungen\Buero\Desktop\FRST.txt

2014-11-11 17:34 - 2014-11-11 17:34 - 01107968 _____ (Farbar) C:\Dokumente und Einstellungen\Buero\Desktop\FRST.exe

2014-11-11 15:45 - 2014-11-11 23:20 - 00043346 _____ () C:\OTL.Txt

2014-10-22 09:46 - 2014-10-22 09:46 - 137377631 _____ () C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 17:35 - 2012-08-16 08:27 - 00000000 ____D () C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp

2014-11-11 17:34 - 2014-04-04 06:14 - 00000386 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2014-11-11 17:34 - 2010-09-29 14:56 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp

2014-11-11 17:34 - 2010-09-29 14:52 - 01067101 _____ () C:\WINDOWS\WindowsUpdate.log

2014-11-11 17:32 - 2012-08-15 10:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

2014-11-11 17:24 - 2014-03-28 06:50 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

2014-11-11 17:24 - 2010-09-29 14:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-11-11 17:24 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl

2014-11-11 13:35 - 2010-09-29 14:56 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt

2014-11-11 13:35 - 2010-09-29 14:56 - 00000190 ___SH () C:\Dokumente und Einstellungen\Buero\ntuser.ini

2014-11-11 13:35 - 2010-09-29 14:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Buero

2014-11-11 08:40 - 2014-01-12 16:58 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-11-10 17:18 - 2010-09-29 14:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart

2014-11-08 18:36 - 2014-03-28 06:50 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

2014-10-30 12:24 - 2010-09-29 18:41 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-10-28 11:37 - 2010-09-29 15:37 - 01071796 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-10-22 09:35 - 2014-01-17 08:36 - 00126428 _____ () C:\WINDOWS\setupapi.log

2014-10-17 06:30 - 2014-01-16 14:08 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-10-17 06:28 - 2010-09-29 17:51 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-10-15 06:16 - 2010-10-21 18:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
 

Some content of TEMP:

====================

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\cjUj.dll

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\jre-7u45-windows-i586-iftw.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\jre-7u55-windows-i586-iftw.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\speedupmypc.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\_isB.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014

Ran by Buero at 2014-11-11 17:35:53

Running from C:\Dokumente und Einstellungen\Buero\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.3) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)

AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden

Datenaktualisierung (Version: 1.00.00.0004 - Haufe-Lexware GmbH & Co. KG) Hidden

DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version:  - )

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )

Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)

KONICA MINOLTA PagePro 1300W (HKLM\...\KONICA MINOLTA PagePro 1300W) (Version:  - )

Lexware Elster (HKLM\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)

Lexware financial office pro 2009 (HKLM\...\{64B5EEC8-A7DF-46AE-9EF2-7B4B9A82E523}) (Version: 9.00.00.0040 - Lexware)

Lexware financial office pro 2009 (Version: 9.00.00.0040 - Lexware) Hidden

Lexware financial office pro Aktualisierung Mai 2009, Version 9.50 (HKLM\...\{C3210264-F6CF-4755-A51A-F5B885331CEC}) (Version: 9.30.00.0009 - Lexware)

Lexware financial office pro Aktualisierung Mai 2009, Version 9.50 (Version: 9.30.00.0009 - Lexware) Hidden

Lexware Info Service (HKLM\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)

Lexware lohn+gehalt pro Aktualisierung Juli 2009 (HKLM\...\{D010EDE5-D78E-48B6-A67B-89FDA022B3C7}) (Version: 9.60.00.0028 - Lexware)

Lexware lohn+gehalt pro Aktualisierung Juli 2009 (Version: 9.60.00.0028 - Lexware) Hidden

Lexware online banking (HKLM\...\{B71CD243-6DC4-4579-BB0B-EC91926E1B75}) (Version: 7.00.00.0043 - Lexware GmbH & Co. KG)

Lexware Sepa Check (Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden

Lexware warenwirtschaft pro Servicepack Systemdatum 2009 (HKLM\...\{2E290305-56EB-4F91-A7A4-8EB9C6AAA0C3}) (Version: 9.21.00.0004 - Lexware)

Lexware warenwirtschaft pro Servicepack Systemdatum 2009 (Version: 9.21.00.0004 - Lexware) Hidden

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)

Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

OpenOffice.org 3.2 (HKLM\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)

REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5296 - Realtek Semiconductor Corp.)

Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden

Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)

TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.1.9385  - TeamViewer GmbH)

Update für Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)

Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2008-04-14 13:00 - 2012-08-13 17:01 - 00000761 _RASH C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Programme\Microsoft Security Client\MpCmdRun.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-04-04 06:53 - 2012-04-04 06:53 - 00301056 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-682003330-1482476501-1417001333-500 - Administrator - Enabled)

ASPNET (S-1-5-21-682003330-1482476501-1417001333-1004 - Limited - Enabled)

Buero (S-1-5-21-682003330-1482476501-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Buero

Gast (S-1-5-21-682003330-1482476501-1417001333-501 - Limited - Disabled)

Hilfeassistent (S-1-5-21-682003330-1482476501-1417001333-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-682003330-1482476501-1417001333-1002 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 

Name: PCI-Modem

Description: PCI-Modem

Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/29/2014 03:33:19 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (10/26/2014 03:22:26 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (10/11/2014 11:08:26 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (10/03/2014 07:05:22 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Error: (09/21/2014 06:07:54 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Error: (08/28/2014 02:48:28 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Error: (08/17/2014 10:22:32 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (07/27/2014 08:33:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.
 
 

System errors:

=============

Error: (11/11/2014 05:34:37 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:34:32 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:29:29 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "AVGIDSAgent" ist von folgendem, nicht vorhandenem Dienst abhängig: AVGIDSDriver
 

Error: (11/11/2014 05:24:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "AVGIDSAgent" ist von folgendem, nicht vorhandenem Dienst abhängig: AVGIDSDriver
 

Error: (11/11/2014 05:24:35 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:01:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "AVGIDSAgent" ist von folgendem, nicht vorhandenem Dienst abhängig: AVGIDSDriver
 

Error: (11/11/2014 05:01:05 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 01:34:37 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "AVGIDSAgent" ist von folgendem, nicht vorhandenem Dienst abhängig: AVGIDSDriver
 

Error: (11/11/2014 01:34:04 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 08:52:11 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)

Description: Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 

Microsoft Office Sessions:

=========================

Error: (10/29/2014 03:33:19 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (10/26/2014 03:22:26 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (10/11/2014 11:08:26 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (10/03/2014 07:05:22 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 
 

Error: (09/21/2014 06:07:54 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 
 

Error: (08/28/2014 02:48:28 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 
 

Error: (08/17/2014 10:22:32 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (07/27/2014 08:33:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz

Percentage of memory in use: 78%

Total physical RAM: 1015.23 MB

Available physical RAM: 221.89 MB

Total Pagefile: 2443.89 MB

Available Pagefile: 1648.32 MB

Total Virtual: 2047.88 MB

Available Virtual: 1916.05 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:97.66 GB) (Free:70.28 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Fixed) (Total:135.22 GB) (Free:122.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================

Jo, sieht doch schon mal besser aus.
Mit dem Fix verschwindet auch die Meldung:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

Startup: C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

ShortcutTarget: program.lnk -> C:\DOKUME~1\ALLUSE~1\ANWEND~1\E9011BAD.cpp (No File)

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Ok hier die Log files:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014

Ran by Buero at 2014-11-11 18:31:40 Run:3

Running from C:\Dokumente und Einstellungen\Buero\Desktop

Loaded Profile: Buero (Available profiles: Buero)

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

Startup: C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk

ShortcutTarget: program.lnk -> C:\DOKUME~1\ALLUSE~1\ANWEND~1\E9011BAD.cpp (No File)
 

*****************
 

C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart\program.lnk => Moved successfully.

C:\DOKUME~1\ALLUSE~1\ANWEND~1\E9011BAD.cpp not found.
 

==== End of Fixlog ====

Code:

# AdwCleaner v4.101 - Bericht erstellt am 11/11/2014 um 18:42:17

# Aktualisiert 09/11/2014 von Xplode

# Database : 2014-11-07.1 [Local]

# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)

# Benutzername : Buero - BUERO-90A3578F1

# Gestartet von : D:\Downloads\AdwCleaner_4.101.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

Ordner Gelöscht : C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Anwendungsdaten\PackageAware
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Zubehör\Systemprogramme\Internet Explorer (ohne Add-Ons).lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Schlüssel Gelöscht : HKCU\Software\AVG Nation toolbar

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Nation toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM

Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lollipop

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.6001.18702
 
 

*************************
 

AdwCleaner[R0].txt - [2893 octets] - [11/11/2014 18:37:44]

AdwCleaner[S0].txt - [3067 octets] - [11/11/2014 18:42:17]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3127 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.7 (11.08.2014:1)

OS: Microsoft Windows XP x86

Ran by Buero on 11.11.2014 at 18:47:52,57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
 
 
 

~~~ Folders
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 11.11.2014 at 18:50:14,50

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 11.11.2014

Suchlauf-Zeit: 18:51:29

Logdatei: mbam00.txt

Administrator: Ja
 

Version: 2.00.3.1025

Malware Datenbank: v2014.11.11.06

Rootkit Datenbank: v2014.11.10.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows XP Service Pack 3

CPU: x86

Dateisystem: NTFS

Benutzer: Buero
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 288305

Verstrichene Zeit: 6 Min, 16 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 2

Trojan.FakeMS.ED, C:\RECYCLER\S-1-5-18\Dc1.cpp, In Quarantäne, [612157e32b512f0757faeaf7a958b14f], 

Trojan.FakeMS.ED, C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\cjUj.dll, In Quarantäne, [1c66a199017b92a4262b5190768bd42c], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by Buero (administrator) on BUERO-90A3578F1 on 11-11-2014 20:13:12

Running from C:\Dokumente und Einstellungen\Buero\Desktop

Loaded Profile: Buero (Available profiles: Buero)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgcsrvx.exe

(Microsoft Corporation) C:\Programme\Microsoft Security Client\MsMpEng.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgwdsvc.exe

(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe

(Microsoft Corporation) C:\Programme\Microsoft Security Client\msseces.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgui.exe

(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgcsrvx.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16264192 2006-09-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)

HKLM\...\Run: [LexwareInfoService] => C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [339240 2008-11-03] (Lexware GmbH & Co. KG)

HKLM\...\Run: [MSC] => C:\Programme\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AVG_UI] => C:\Programme\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-21-682003330-1482476501-1417001333-1003\...\MountPoints2: {1f512880-3a51-11e1-aae7-001966581b36} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

BootExecute: autocheck autochk *  /sync /restartC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

AlternateShell: 
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285770613933

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-06]
 

Chrome: 

=======
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgfws; C:\Programme\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Programme\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Programme\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)

R2 MsMpSvc; C:\Programme\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 TDslMgrService; C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe [290816 2007-08-01] (T-Systems Enterprise Services GmbH) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)

R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

R2 MLPTDR_N; C:\WINDOWS\system32\MLPTDR_N.SYS [18848 2003-07-18] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)

S3 PCANDIS5; C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R3 TSMPacket; C:\WINDOWS\System32\DRIVERS\tsmpkt.sys [13824 2007-06-26] (T-Systems) [File not signed]

S1 98f4; \??\C:\WINDOWS\system32\drivers\98f4.sys [X]

S4 IntelIde; No ImagePath

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 20:13 - 2014-11-11 20:13 - 00010619 _____ () C:\Dokumente und Einstellungen\Buero\Desktop\FRST.txt

2014-11-11 18:50 - 2014-11-11 18:50 - 00000956 _____ () C:\Dokumente und Einstellungen\Buero\Desktop\JRT.txt

2014-11-11 18:47 - 2014-11-11 18:47 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-11-11 18:44 - 2014-11-11 18:44 - 00003207 _____ () C:\Dokumente und Einstellungen\Buero\Desktop\AdwCleaner[S0].txt

2014-11-11 18:39 - 2014-11-11 20:13 - 00000000 ____D () C:\FRST

2014-11-11 18:39 - 2014-11-11 19:29 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-11-11 18:37 - 2014-11-11 18:42 - 00000000 ____D () C:\AdwCleaner

2014-11-11 17:34 - 2014-11-11 17:34 - 01107968 _____ (Farbar) C:\Dokumente und Einstellungen\Buero\Desktop\FRST.exe

2014-11-11 15:45 - 2014-11-11 23:20 - 00043346 _____ () C:\OTL.Txt

2014-10-22 09:46 - 2014-10-22 09:46 - 137377631 _____ () C:\Dokumente und Einstellungen\Buero\Eigene Dateien\LxOffice20141022_103452.zip
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-11 20:13 - 2012-08-16 08:27 - 00000000 ____D () C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp

2014-11-11 19:41 - 2012-08-15 10:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

2014-11-11 19:40 - 2014-01-12 16:58 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-11-11 19:34 - 2014-04-04 06:14 - 00000386 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2014-11-11 19:25 - 2010-09-29 14:52 - 01095111 _____ () C:\WINDOWS\WindowsUpdate.log

2014-11-11 19:25 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl

2014-11-11 19:24 - 2014-03-28 06:50 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

2014-11-11 19:24 - 2010-09-29 15:24 - 00000000 ____D () C:\WINDOWS\OPTIONS

2014-11-11 19:24 - 2010-09-29 14:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-11-11 19:23 - 2010-09-29 14:56 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt

2014-11-11 19:23 - 2010-09-29 14:56 - 00000190 ___SH () C:\Dokumente und Einstellungen\Buero\ntuser.ini

2014-11-11 19:23 - 2010-09-29 14:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Buero

2014-11-11 18:42 - 2010-09-29 14:56 - 00000735 _____ () C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Internet Explorer.lnk

2014-11-11 18:42 - 2010-09-29 14:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\Buero\Startmenü\Programme

2014-11-11 18:41 - 2014-08-01 10:12 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware

2014-11-11 18:41 - 2014-08-01 10:12 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware

2014-11-11 18:31 - 2010-09-29 14:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\Buero\Startmenü\Programme\Autostart

2014-11-11 17:38 - 2010-09-29 14:56 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp

2014-11-08 18:36 - 2014-03-28 06:50 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job

2014-10-30 12:24 - 2010-09-29 18:41 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-10-28 11:37 - 2010-09-29 15:37 - 01071796 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-10-22 09:35 - 2014-01-17 08:36 - 00126428 _____ () C:\WINDOWS\setupapi.log

2014-10-17 06:30 - 2014-01-16 14:08 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-10-17 06:28 - 2010-09-29 17:51 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-10-15 06:16 - 2010-10-21 18:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
 

Some content of TEMP:

====================

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\jre-7u45-windows-i586-iftw.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\jre-7u55-windows-i586-iftw.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\Quarantine.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\speedupmypc.exe

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\sqlite3.dll

C:\Dokumente und Einstellungen\Buero\Lokale Einstellungen\Temp\_isB.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014

Ran by Buero at 2014-11-11 20:13:57

Running from C:\Dokumente und Einstellungen\Buero\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.3) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)

AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden

Datenaktualisierung (Version: 1.00.00.0004 - Haufe-Lexware GmbH & Co. KG) Hidden

DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version:  - )

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )

Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)

KONICA MINOLTA PagePro 1300W (HKLM\...\KONICA MINOLTA PagePro 1300W) (Version:  - )

Lexware Elster (HKLM\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)

Lexware financial office pro 2009 (HKLM\...\{64B5EEC8-A7DF-46AE-9EF2-7B4B9A82E523}) (Version: 9.00.00.0040 - Lexware)

Lexware financial office pro 2009 (Version: 9.00.00.0040 - Lexware) Hidden

Lexware financial office pro Aktualisierung Mai 2009, Version 9.50 (HKLM\...\{C3210264-F6CF-4755-A51A-F5B885331CEC}) (Version: 9.30.00.0009 - Lexware)

Lexware financial office pro Aktualisierung Mai 2009, Version 9.50 (Version: 9.30.00.0009 - Lexware) Hidden

Lexware Info Service (HKLM\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)

Lexware lohn+gehalt pro Aktualisierung Juli 2009 (HKLM\...\{D010EDE5-D78E-48B6-A67B-89FDA022B3C7}) (Version: 9.60.00.0028 - Lexware)

Lexware lohn+gehalt pro Aktualisierung Juli 2009 (Version: 9.60.00.0028 - Lexware) Hidden

Lexware online banking (HKLM\...\{B71CD243-6DC4-4579-BB0B-EC91926E1B75}) (Version: 7.00.00.0043 - Lexware GmbH & Co. KG)

Lexware Sepa Check (Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden

Lexware warenwirtschaft pro Servicepack Systemdatum 2009 (HKLM\...\{2E290305-56EB-4F91-A7A4-8EB9C6AAA0C3}) (Version: 9.21.00.0004 - Lexware)

Lexware warenwirtschaft pro Servicepack Systemdatum 2009 (Version: 9.21.00.0004 - Lexware) Hidden

Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)

Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

OpenOffice.org 3.2 (HKLM\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)

REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5296 - Realtek Semiconductor Corp.)

Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden

Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)

Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)

TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.1.9385  - TeamViewer GmbH)

Update für Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)

Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2008-04-14 13:00 - 2012-08-13 17:01 - 00000761 _RASH C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Programme\Microsoft Security Client\MpCmdRun.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-04-04 06:53 - 2012-04-04 06:53 - 00301056 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-682003330-1482476501-1417001333-500 - Administrator - Enabled)

ASPNET (S-1-5-21-682003330-1482476501-1417001333-1004 - Limited - Enabled)

Buero (S-1-5-21-682003330-1482476501-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Buero

Gast (S-1-5-21-682003330-1482476501-1417001333-501 - Limited - Disabled)

Hilfeassistent (S-1-5-21-682003330-1482476501-1417001333-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-682003330-1482476501-1417001333-1002 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 

Name: PCI-Modem

Description: PCI-Modem

Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/29/2014 03:33:19 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (10/26/2014 03:22:26 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (10/11/2014 11:08:26 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (10/03/2014 07:05:22 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Error: (09/21/2014 06:07:54 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Error: (08/28/2014 02:48:28 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Error: (08/17/2014 10:22:32 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden.

Es werden keine Server-Leistungsinformationen zurückgegeben.

Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und

die IOSB.Information ist DWORD 2.
 

Error: (07/27/2014 08:33:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.
 
 

System errors:

=============

Error: (11/11/2014 07:34:52 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 07:25:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "AVGIDSAgent" ist von folgendem, nicht vorhandenem Dienst abhängig: AVGIDSDriver
 

Error: (11/11/2014 07:24:55 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 06:54:18 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 06:44:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: Der Dienst "AVGIDSAgent" ist von folgendem, nicht vorhandenem Dienst abhängig: AVGIDSDriver
 

Error: (11/11/2014 06:44:21 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:38:37 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:38:36 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:38:36 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 

Error: (11/11/2014 05:34:37 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )

Description: Der Support für Ihr Betriebssystem wurde beendet. Das Ausführen von %%860 auf einem Betriebssystem ohne Support stellt keine geeignete Lösung zum Schutz gegen Bedrohungen dar.
 
 

Microsoft Office Sessions:

=========================

Error: (10/29/2014 03:33:19 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (10/26/2014 03:22:26 PM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (10/11/2014 11:08:26 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (10/03/2014 07:05:22 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 
 

Error: (09/21/2014 06:07:54 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 
 

Error: (08/28/2014 02:48:28 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 
 

Error: (08/17/2014 10:22:32 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description: 
 

Error: (07/27/2014 08:33:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (07/15/2014 03:47:53 PM) (Source: crypt32) (EventID: 11) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz

Percentage of memory in use: 81%

Total physical RAM: 1015.23 MB

Available physical RAM: 188.75 MB

Total Pagefile: 2443.84 MB

Available Pagefile: 1698 MB

Total Virtual: 2047.88 MB

Available Virtual: 1920.06 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:97.66 GB) (Free:70.2 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Fixed) (Total:135.22 GB) (Free:122.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 78757875)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=135.2 GB) - (Type=05)
 

==================== End Of Log ============================