Trojaner-Board - exp.pidef.ayk

Hier das Ergebnis:OTL Logfile:

Code:

OTL logfile created on: 11.03.2012 10:42:31 - Run 1

OTL by OldTimer - Version 3.2.36.3     Folder = J:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,94 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 84,61% Memory free

3,79 Gb Paging File | 3,67 Gb Available in Paging File | 96,94% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,66 Gb Total Space | 73,61 Gb Free Space | 75,38% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 346,17 Gb Free Space | 94,04% Space Free | Partition Type: NTFS

Drive I: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive J: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT

 

Computer Name: USER | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - J:\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) --  File not found

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)

DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()

DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)

DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)

DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)

DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)

DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)

DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0F29D49B-BEE4-48F3-82EE-D6662E515B2E}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{0F29D49B-BEE4-48F3-82EE-D6662E515B2E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 32 D2 41 6A FF CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0F29D49B-BEE4-48F3-82EE-D6662E515B2E}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.27 17:46:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Programme\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.01.08 18:43:28 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup File not found

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://www.bb-sw.de:999/activex/AMC.cab (AxisMediaControlEmb Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7ED6F78-E8D1-4CB3-90F3-B8A07A7E22DC}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBC7E922-BB51-46B3-A65A-A35D521E5ADF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3DD7F1-18CC-46D0-AA84-E3D2CC885E56}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.07.27 10:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.11 10:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia

[2012.03.11 10:35:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe

[2012.03.11 10:30:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE

[2012.03.11 10:30:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2012.03.11 10:29:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache

[2012.03.11 10:29:13 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft

[2012.03.11 10:29:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten

[2012.03.11 10:29:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies

[2012.03.11 10:29:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen

[2012.03.11 10:29:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar

[2012.03.11 10:29:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart

[2012.03.11 10:29:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen

[2012.03.11 10:29:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung

[2012.02.22 21:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2

[2012.02.22 19:30:59 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2012.02.22 19:30:59 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2012.02.21 12:27:49 | 006,950,552 | ---- | C] (Microsoft Corporation) -- C:\Programme\Silverlight.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.11 10:41:35 | 000,000,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit OTL.lnk

[2012.03.11 10:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.03.11 10:32:11 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.10 20:29:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.10 19:37:26 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware büro easy.lnk

[2012.03.10 18:50:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.06 15:51:41 | 000,001,786 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2012.02.27 20:26:13 | 000,495,914 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.02.27 20:26:13 | 000,475,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.02.27 20:26:13 | 000,091,822 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.02.27 20:26:13 | 000,076,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.02.27 19:59:38 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI

[2012.02.26 14:42:01 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.02.24 16:15:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.02.21 12:27:59 | 006,950,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Silverlight.exe

[2012.02.18 20:13:41 | 000,000,474 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Personal Backup 5.lnk

[2012.02.15 12:35:10 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.11 10:41:35 | 000,000,262 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit OTL.lnk

[2012.03.11 10:29:13 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk

[2012.03.11 10:29:13 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk

[2012.02.27 14:36:29 | 000,002,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware büro easy.lnk

[2012.02.16 17:39:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.02.16 17:39:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012.01.13 13:06:06 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini

[2011.12.23 22:59:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.11.08 21:39:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DeskCalc.INI

[2011.11.06 14:59:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2011.11.06 14:59:33 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2011.08.09 22:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI

[2011.07.29 08:07:41 | 011,209,752 | ---- | C] () -- C:\Programme\averywizard_4_0_2718_de.exe

[2011.07.28 14:28:57 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

[2011.07.27 18:01:45 | 000,000,332 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2011.07.27 17:48:09 | 000,000,572 | ---- | C] () -- C:\WINDOWS\hpomdl51.dat.temp

[2011.07.27 17:39:52 | 000,192,743 | ---- | C] () -- C:\WINDOWS\hpoins51.dat

[2011.07.27 17:39:52 | 000,000,572 | ---- | C] () -- C:\WINDOWS\hpomdl51.dat

[2011.07.27 16:05:33 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2011.07.27 13:40:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.07.27 12:49:01 | 000,821,136 | ---- | C] () -- C:\Programme\MB IT Systeme Fernwartung.exe

[2011.07.27 12:02:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011.07.27 11:55:54 | 000,004,853 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011.07.27 11:55:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011.07.27 11:26:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.07.27 11:25:22 | 000,333,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.07.27 10:40:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.07.27 10:37:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
 

< End of report >

--- --- ---

Hi,
meist Du das hier:OTL Logfile:

Code:

OTL logfile created on: 11.03.2012 10:42:31 - Run 1

OTL by OldTimer - Version 3.2.36.3     Folder = J:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,94 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 84,61% Memory free

3,79 Gb Paging File | 3,67 Gb Available in Paging File | 96,94% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,66 Gb Total Space | 73,61 Gb Free Space | 75,38% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 346,17 Gb Free Space | 94,04% Space Free | Partition Type: NTFS

Drive I: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive J: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT

 

Computer Name: USER | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - J:\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) --  File not found

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)

DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()

DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)

DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)

DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)

DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)

DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)

DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0F29D49B-BEE4-48F3-82EE-D6662E515B2E}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{0F29D49B-BEE4-48F3-82EE-D6662E515B2E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 32 D2 41 6A FF CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0F29D49B-BEE4-48F3-82EE-D6662E515B2E}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.27 17:46:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Programme\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.01.08 18:43:28 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup File not found

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://www.bb-sw.de:999/activex/AMC.cab (AxisMediaControlEmb Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7ED6F78-E8D1-4CB3-90F3-B8A07A7E22DC}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBC7E922-BB51-46B3-A65A-A35D521E5ADF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3DD7F1-18CC-46D0-AA84-E3D2CC885E56}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.07.27 10:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.11 10:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia

[2012.03.11 10:35:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe

[2012.03.11 10:30:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE

[2012.03.11 10:30:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2012.03.11 10:29:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache

[2012.03.11 10:29:13 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft

[2012.03.11 10:29:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten

[2012.03.11 10:29:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies

[2012.03.11 10:29:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen

[2012.03.11 10:29:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar

[2012.03.11 10:29:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart

[2012.03.11 10:29:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen

[2012.03.11 10:29:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung

[2012.02.22 21:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2

[2012.02.22 19:30:59 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2012.02.22 19:30:59 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2012.02.21 12:27:49 | 006,950,552 | ---- | C] (Microsoft Corporation) -- C:\Programme\Silverlight.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.11 10:41:35 | 000,000,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit OTL.lnk

[2012.03.11 10:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.03.11 10:32:11 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.10 20:29:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.10 19:37:26 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware büro easy.lnk

[2012.03.10 18:50:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.06 15:51:41 | 000,001,786 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2012.02.27 20:26:13 | 000,495,914 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.02.27 20:26:13 | 000,475,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.02.27 20:26:13 | 000,091,822 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.02.27 20:26:13 | 000,076,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.02.27 19:59:38 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI

[2012.02.26 14:42:01 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.02.24 16:15:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.02.21 12:27:59 | 006,950,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Silverlight.exe

[2012.02.18 20:13:41 | 000,000,474 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Personal Backup 5.lnk

[2012.02.15 12:35:10 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.11 10:41:35 | 000,000,262 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit OTL.lnk

[2012.03.11 10:29:13 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk

[2012.03.11 10:29:13 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk

[2012.02.27 14:36:29 | 000,002,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware büro easy.lnk

[2012.02.16 17:39:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.02.16 17:39:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012.01.13 13:06:06 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini

[2011.12.23 22:59:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.11.08 21:39:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DeskCalc.INI

[2011.11.06 14:59:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2011.11.06 14:59:33 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2011.08.09 22:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI

[2011.07.29 08:07:41 | 011,209,752 | ---- | C] () -- C:\Programme\averywizard_4_0_2718_de.exe

[2011.07.28 14:28:57 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

[2011.07.27 18:01:45 | 000,000,332 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2011.07.27 17:48:09 | 000,000,572 | ---- | C] () -- C:\WINDOWS\hpomdl51.dat.temp

[2011.07.27 17:39:52 | 000,192,743 | ---- | C] () -- C:\WINDOWS\hpoins51.dat

[2011.07.27 17:39:52 | 000,000,572 | ---- | C] () -- C:\WINDOWS\hpomdl51.dat

[2011.07.27 16:05:33 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2011.07.27 13:40:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.07.27 12:49:01 | 000,821,136 | ---- | C] () -- C:\Programme\MB IT Systeme Fernwartung.exe

[2011.07.27 12:02:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011.07.27 11:55:54 | 000,004,853 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011.07.27 11:55:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011.07.27 11:26:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.07.27 11:25:22 | 000,333,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.07.27 10:40:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.07.27 10:37:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 11.03.2012 10:42:31 - Run 1

OTL by OldTimer - Version 3.2.36.3     Folder = J:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,94 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 84,61% Memory free

3,79 Gb Paging File | 3,67 Gb Available in Paging File | 96,94% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,66 Gb Total Space | 73,61 Gb Free Space | 75,38% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 346,17 Gb Free Space | 94,04% Space Free | Partition Type: NTFS

Drive I: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive J: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT

 

Computer Name: USER | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - J:\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) --  File not found

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)

DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()

DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)

DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)

DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)

DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)

DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)

DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0F29D49B-BEE4-48F3-82EE-D6662E515B2E}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{0F29D49B-BEE4-48F3-82EE-D6662E515B2E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 32 D2 41 6A FF CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0F29D49B-BEE4-48F3-82EE-D6662E515B2E}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.27 17:46:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Programme\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.01.08 18:43:28 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup File not found

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://www.bb-sw.de:999/activex/AMC.cab (AxisMediaControlEmb Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7ED6F78-E8D1-4CB3-90F3-B8A07A7E22DC}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBC7E922-BB51-46B3-A65A-A35D521E5ADF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3DD7F1-18CC-46D0-AA84-E3D2CC885E56}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.07.27 10:39:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.11 10:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia

[2012.03.11 10:35:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe

[2012.03.11 10:30:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE

[2012.03.11 10:30:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2012.03.11 10:29:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache

[2012.03.11 10:29:13 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft

[2012.03.11 10:29:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten

[2012.03.11 10:29:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies

[2012.03.11 10:29:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen

[2012.03.11 10:29:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop

[2012.03.11 10:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar

[2012.03.11 10:29:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü

[2012.03.11 10:29:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart

[2012.03.11 10:29:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen

[2012.03.11 10:29:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung

[2012.02.22 21:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2

[2012.02.22 19:30:59 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2012.02.22 19:30:59 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2012.02.21 12:27:49 | 006,950,552 | ---- | C] (Microsoft Corporation) -- C:\Programme\Silverlight.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.11 10:41:35 | 000,000,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit OTL.lnk

[2012.03.11 10:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.03.11 10:32:11 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.10 20:29:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.10 19:37:26 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware büro easy.lnk

[2012.03.10 18:50:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.06 15:51:41 | 000,001,786 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2012.02.27 20:26:13 | 000,495,914 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.02.27 20:26:13 | 000,475,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.02.27 20:26:13 | 000,091,822 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.02.27 20:26:13 | 000,076,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.02.27 19:59:38 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI

[2012.02.26 14:42:01 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.02.24 16:15:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.02.21 12:27:59 | 006,950,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Silverlight.exe

[2012.02.18 20:13:41 | 000,000,474 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Personal Backup 5.lnk

[2012.02.15 12:35:10 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.11 10:41:35 | 000,000,262 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit OTL.lnk

[2012.03.11 10:29:13 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk

[2012.03.11 10:29:13 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk

[2012.02.27 14:36:29 | 000,002,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware büro easy.lnk

[2012.02.16 17:39:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.02.16 17:39:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012.01.13 13:06:06 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini

[2011.12.23 22:59:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011.11.08 21:39:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DeskCalc.INI

[2011.11.06 14:59:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2011.11.06 14:59:33 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2011.08.09 22:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI

[2011.07.29 08:07:41 | 011,209,752 | ---- | C] () -- C:\Programme\averywizard_4_0_2718_de.exe

[2011.07.28 14:28:57 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

[2011.07.27 18:01:45 | 000,000,332 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2011.07.27 17:48:09 | 000,000,572 | ---- | C] () -- C:\WINDOWS\hpomdl51.dat.temp

[2011.07.27 17:39:52 | 000,192,743 | ---- | C] () -- C:\WINDOWS\hpoins51.dat

[2011.07.27 17:39:52 | 000,000,572 | ---- | C] () -- C:\WINDOWS\hpomdl51.dat

[2011.07.27 16:05:33 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2011.07.27 13:40:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.07.27 12:49:01 | 000,821,136 | ---- | C] () -- C:\Programme\MB IT Systeme Fernwartung.exe

[2011.07.27 12:02:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011.07.27 11:55:54 | 000,004,853 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011.07.27 11:55:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011.07.27 11:26:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011.07.27 11:25:22 | 000,333,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.07.27 10:40:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011.07.27 10:37:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll

[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll

[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll

[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
 

< End of report >

--- --- ---