Trojaner-Board - TR/Dldr.Agent

Hier das Combofix-Log:

Code:

ComboFix 13-02-03.03 - user 04.02.2013  17:11:20.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.418 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\user\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\user\WINDOWS

c:\programme\xp-AntiSpy

c:\programme\xp-AntiSpy\Uninstall.exe

c:\programme\xp-AntiSpy\xp-AntiSpy.chm

c:\programme\xp-AntiSpy\xp-AntiSpy.exe

c:\programme\xp-AntiSpy\xp-AntiSpy.url

c:\windows\system32\pthreadVC.dll

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-04 bis 2013-02-04  ))))))))))))))))))))))))))))))

.

.

2013-02-04 15:09 . 2013-02-04 15:12        --------        d-----w-        c:\windows\LastGood.Tmp

2013-02-01 13:30 . 2013-02-01 13:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2013-01-31 15:21 . 2013-01-31 15:21        602112        ----a-w-        c:\programme\OTL.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-17 12:37 . 2012-05-18 12:05        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-01-17 12:37 . 2011-08-20 11:37        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-01 13:23 . 2013-01-01 13:23        5384321        ----a-w-        c:\programme\FastStoneViewerSetup46.exe

2011-12-16 19:49 . 2011-12-16 19:49        14597312        ----a-w-        c:\programme\Firefox_Setup_8.0.1final.exe

2011-02-07 09:12 . 2011-02-07 09:12        20364702        ----a-w-        c:\programme\VLC Installationsdatei vlc-1.1.7-win32.exe

2010-02-24 17:19 . 2010-02-24 17:18        18499623        ----a-w-        c:\programme\vlc-1.0.5-win32.exe

2010-01-08 08:20 . 2010-01-08 08:19        2571864        ----a-w-        c:\programme\OrbitDownloaderSetup.exe

2009-10-24 10:42 . 2009-10-24 10:41        23510720        ----a-w-        c:\programme\dotnetfx.exe

2009-10-24 10:39 . 2009-10-24 10:39        312085        ----a-w-        c:\programme\mausarm.exe

2009-08-11 15:04 . 2009-08-11 14:59        100822524        ----a-w-        c:\programme\OOo_3.1.0_Win32Intel_install_de.exe

2009-07-11 21:56 . 2009-07-11 21:53        13596880        ----a-w-        c:\programme\AVSAudioRecorder.exe

2009-07-07 12:10 . 2009-07-07 12:10        32467048        ----a-w-        c:\programme\avira_antivir_personal403_de.exe

2009-06-10 17:30 . 2009-07-03 12:43        884736        ----a-w-        c:\programme\vkaraoke.exe

2008-10-22 09:23 . 2009-07-03 12:43        14054920        ----a-w-        c:\programme\RealPlayer10-5GOLD_de.exe

2008-06-27 19:18 . 2009-07-03 12:43        17950304        ----a-w-        c:\programme\gimp-2.4.6-i686-setup.exe

2008-05-25 12:04 . 2009-07-03 12:43        133197120        ----a-w-        c:\programme\OOo_2.4.0_Win32Intel_install_wJRE_en-US.exe

2008-04-12 15:16 . 2009-07-03 12:43        26840960        ----a-w-        c:\programme\SUPERsetup30.exe

2008-04-11 21:02 . 2009-07-03 12:43        23700784        ----a-w-        c:\programme\QuickTimeInstaller.exe

2008-04-09 10:19 . 2009-07-03 12:43        8990072        ----a-w-        c:\programme\winamp553_full_emusic-7plus_en-us.exe

2008-01-12 15:15 . 2009-07-03 12:43        9063520        ----a-w-        c:\programme\trillian-v3.1.9.0.exe

2007-10-26 20:36 . 2009-07-03 12:43        9679815        ----a-w-        c:\programme\vlc-0.8.6c-win32.exe

2012-09-11 10:00 . 2012-09-11 10:00        266720        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-07-03 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-03 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-03 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-03 138008]

"SynTPStart"="c:\programme\Synaptics\SynTP\SynTPStart.exe" [2009-07-03 102400]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-03 16132608]

"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-07-01 37888]

"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\user\Startmenü\Programme\Autostart\

Mausarm.lnk - c:\programme\Mausarm\Mausarm.exe [2009-10-24 89088]

OpenOffice.org 2.4.lnk - c:\programme\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2009-8-7 802816]

Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 16:03        152872        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 12:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Trillian\\trillian.exe"=

"c:\\Programme\\Opera 10.50 Beta\\opera.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

"c:\\Programme\\Opera 10.01 neu\\opera.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11.11.2011 12:05 36000]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.11.2011 12:05 86224]

R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [24.10.2011 08:53 2565632]

S3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [16.09.2010 16:02 35040]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 12:37]

.

2013-02-04 c:\windows\Tasks\User_Feed_Synchronization-{B9DFA558-229F-42F5-B9D4-8338F08D0ABB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.facebook.de/

Trusted Zone: facebook.de\www

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

FF - ProfilePath - c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\t9jvhqvs.default\

FF - prefs.js: browser.startup.homepage - www.gmx.net

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-dm Fotowelt - c:\programme\dm\dm Fotowelt\uninstall.exe

AddRemove-Opera - c:\progra~1\OPERA1~3.01N\uninst\unwise.exe

AddRemove-Ulead iPhoto Express 1.0 - c:\windows\unin0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2013-02-04 17:35

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(3248)

c:\windows\system32\webcheck.dll

c:\windows\system32\msls31.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\brss01a.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\programme\Synaptics\SynTP\SynTPEnh.exe

c:\programme\OpenOffice.org 2.4\program\soffice.exe

c:\programme\OpenOffice.org 2.4\program\soffice.BIN

c:\dokume~1\user\LOKALE~1\Temp\RtkBtMnt.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\SearchIndexer.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-02-04  17:39:37 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-02-04 16:39

.

Vor Suchlauf: 22 Verzeichnis(se), 42.145.841.152 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 42.177.601.536 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5C20B2B137889E8A46EA996D4877FF13

Warum ich Installationsdateien da speichere, wo ich sie speichere, kann ich nicht genau beantworten. Wahrscheinlich, weil ich sie da am besten wiederfinde (der Desktop wird mir schnell zu voll, deshalb speichere ich da nur selten irgendwas. Verstehe ich Deine Empfehlung richtig, dass ich nach der Installation grundsätzlich die Installationsdateien löschen sollte? :dummguck:

Hier der log von adwcleaner:

Code:

# AdwCleaner v2.110 - Datei am 05/02/2013 um 11:25:32 erstellt

# Aktualisiert am 03/02/2013 von Xplode

# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)

# Benutzer : user - ***

# Bootmodus : Normal

# Ausgeführt unter : C:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon

Ordner Gelöscht : C:\Dokumente und Einstellungen\user\Anwendungsdaten\Babylon

Ordner Gelöscht : C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Babylon

Ordner Gelöscht : C:\Programme\Conduit
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.6001.18702
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v15.0.1 (de)
 

Datei : C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\t9jvhqvs.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [1264 octets] - [05/02/2013 11:25:32]
 

########## EOF - C:\AdwCleaner[S1].txt - [1324 octets] ##########

OTL-Logs:

Code:

OTL logfile created on: 05.02.2013 11:40:16 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Programme

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: *** | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,36 Mb Total Physical Memory | 406,45 Mb Available Physical Memory | 40,07% Memory free

2,38 Gb Paging File | 1,81 Gb Available in Paging File | 75,86% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 71,29 Gb Total Space | 37,38 Gb Free Space | 52,44% Space Free | Partition Type: NTFS

Drive E: | 71,90 Gb Total Space | 11,79 Gb Free Space | 16,39% Space Free | Partition Type: NTFS

 

Computer Name: *** | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\user\Lokale Einstellungen\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Programme\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)

PRC - C:\Programme\Winamp\winampa.exe ()

PRC - C:\Programme\Mausarm\Mausarm.exe (hxxp://www.repetitive-strain-injury.de)

PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Programme\Winamp\winampa.exe ()

MOD - C:\Programme\OpenOffice.org 2.4\program\libxml2.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)

SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)

DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{137F981F-36C0-4817-901E-6AEF999D8230}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{7749550D-A745-4727-B66D-6C84059E528A}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{792B55A7-6274-4DD9-B28C-24E239B217C7}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{847FEB7C-DDA1-4D50-8779-B196F7D36082}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{8CE6181B-6C48-4580-A500-0F83A2A1FC20}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{AB91DC12-154C-4041-8E4C-65B5AA71C691}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{B14BF1F6-6348-4126-A432-3FEE44920DC0}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{B41DCA84-7346-4E1B-BB5A-2197524290D4}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\SearchScopes\{F521631B-AEC4-4F70-8610-DA7FE49E56AE}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8

IE - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.gmx.net"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.11 11:00:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2011.12.16 20:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions

[2012.12.18 21:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\t9jvhqvs.default\extensions

[2012.12.18 21:35:54 | 000,000,000 | ---D | M] (Telekom Toolbar 3.0) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\t9jvhqvs.default\extensions\totbff01@telekom.de

[2012.11.15 11:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.06.25 15:36:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.09.02 12:58:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012.11.15 11:12:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012.09.11 11:00:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.09.11 11:00:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.11 11:00:37 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.09.11 11:00:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.09.11 11:00:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.09.11 11:00:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.09.11 11:00:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013.02.04 17:34:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)

O3 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\Mausarm.lnk = C:\Programme\Mausarm\Mausarm.exe (hxxp://www.repetitive-strain-injury.de)

O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)

O15 - HKU\S-1-5-21-436374069-1078081533-1644491937-1003\..Trusted Domains: facebook.de ([www] https in Vertrauenswürdige Sites)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246630530969 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B787724-3E80-46FF-BE1E-C21958EA9825}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\FastStone\FSIV\FSViewerWallPaper.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\FastStone\FSIV\FSViewerWallPaper.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.07.03 13:29:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.05 11:38:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013.02.05 00:35:41 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0

[2013.02.05 00:33:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013.02.04 17:06:08 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013.02.04 17:03:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013.02.04 17:03:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013.02.04 17:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013.02.04 17:03:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013.02.04 17:03:17 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.02.04 17:03:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\Verwaltung

[2013.02.04 17:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.02.04 17:01:03 | 005,029,686 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\user\Desktop\ComboFix NICHT OHNE professionelle HILFE ausführen.exe

[2013.02.04 16:20:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe

[2013.02.04 16:13:03 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2013.02.04 16:13:01 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2013.02.04 16:13:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2013.02.04 16:13:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2013.02.04 15:30:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\user\Desktop\tdsskiller.exe

[2013.02.04 14:43:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\user\Desktop\aswMBR.exe

[2013.02.01 14:30:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2013.02.01 14:29:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Malwarebytes Anti-Rootkit Beta_mbar-1.01.0.1017

[2013.01.31 16:21:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Programme\OTL.exe

[2011.12.16 20:49:41 | 014,597,312 | ---- | C] (Mozilla) -- C:\Programme\Firefox_Setup_8.0.1final.exe

[2010.01.08 09:19:50 | 002,571,864 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Programme\OrbitDownloaderSetup.exe

[2009.10.24 11:41:47 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Programme\dotnetfx.exe

[2009.10.24 11:39:31 | 000,312,085 | ---- | C] (Clemens Conrad                                              ) -- C:\Programme\mausarm.exe

[2009.07.11 22:53:58 | 013,596,880 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Programme\AVSAudioRecorder.exe

[2009.07.03 13:43:58 | 008,990,072 | ---- | C] (Nullsoft, Inc.) -- C:\Programme\winamp553_full_emusic-7plus_en-us.exe

[2009.07.03 13:43:56 | 026,840,960 | ---- | C] (eRightSoft   ) -- C:\Programme\SUPERsetup30.exe

[2009.07.03 13:43:56 | 014,054,920 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayer10-5GOLD_de.exe

[2009.07.03 13:43:55 | 023,700,784 | ---- | C] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.05 11:29:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.02.05 11:27:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.02.05 11:27:52 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys

[2013.02.05 11:22:34 | 000,582,111 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe

[2013.02.05 11:12:47 | 000,001,503 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk

[2013.02.05 11:12:35 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.02.05 01:08:26 | 000,474,790 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.02.05 01:08:26 | 000,433,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.02.05 01:08:26 | 000,090,628 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.02.05 01:08:26 | 000,068,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.02.05 01:07:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.02.05 01:06:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.02.04 17:34:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.02.04 17:06:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013.02.04 17:01:29 | 005,029,686 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\user\Desktop\ComboFix NICHT OHNE professionelle HILFE ausführen.exe

[2013.02.04 15:30:34 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\user\Desktop\tdsskiller.exe

[2013.02.04 14:49:52 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\MBR.dat

[2013.02.04 14:44:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\user\Desktop\aswMBR.exe

[2013.02.04 14:24:30 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\gmer_2.0.18454.exe

[2013.02.04 14:15:51 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9DFA558-229F-42F5-B9D4-8338F08D0ABB}.job

[2013.02.01 14:28:50 | 013,562,257 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Malwarebytes Anti-Rootkit Beta_mbar-1.01.0.1017.zip

[2013.01.31 16:21:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Programme\OTL.exe

[2013.01.17 13:37:30 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013.01.17 13:37:30 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013.01.16 02:26:12 | 000,001,084 | ---- | M] () -- C:\WINDOWS\Ulead32.ini

[2013.01.14 23:06:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2013.01.14 19:55:21 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Trillian.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.05 11:22:33 | 000,582,111 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\adwcleaner.exe

[2013.02.05 11:12:46 | 000,001,503 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk

[2013.02.04 17:06:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013.02.04 17:06:09 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2013.02.04 17:03:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013.02.04 17:03:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013.02.04 17:03:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013.02.04 17:03:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013.02.04 17:03:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013.02.04 16:12:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2013.02.04 16:12:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2013.02.04 14:49:52 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\MBR.dat

[2013.02.04 14:24:30 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\gmer_2.0.18454.exe

[2013.02.01 14:28:49 | 013,562,257 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Malwarebytes Anti-Rootkit Beta_mbar-1.01.0.1017.zip

[2013.01.01 14:23:24 | 005,384,321 | ---- | C] () -- C:\Programme\FastStoneViewerSetup46.exe

[2012.10.08 17:16:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2012.06.13 22:08:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.03.25 22:18:58 | 000,063,426 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.recently-used.xbel

[2011.02.07 10:12:09 | 020,364,702 | ---- | C] () -- C:\Programme\VLC Installationsdatei vlc-1.1.7-win32.exe

[2010.02.24 18:18:14 | 018,499,623 | ---- | C] () -- C:\Programme\vlc-1.0.5-win32.exe

[2009.08.11 15:59:44 | 100,822,524 | ---- | C] () -- C:\Programme\OOo_3.1.0_Win32Intel_install_de.exe

[2009.07.11 23:00:54 | 000,827,746 | ---- | C] () -- C:\Programme\AudioRecorder.zip

[2009.07.09 15:00:00 | 000,183,808 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.07.07 14:01:31 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\user\default.pls

[2009.07.07 13:10:02 | 032,467,048 | ---- | C] () -- C:\Programme\avira_antivir_personal403_de.exe

[2009.07.03 13:43:58 | 009,679,815 | ---- | C] () -- C:\Programme\vlc-0.8.6c-win32.exe

[2009.07.03 13:43:58 | 000,884,736 | ---- | C] () -- C:\Programme\vkaraoke.exe

[2009.07.03 13:43:57 | 009,063,520 | ---- | C] () -- C:\Programme\trillian-v3.1.9.0.exe

[2009.07.03 13:43:49 | 133,197,120 | ---- | C] () -- C:\Programme\OOo_2.4.0_Win32Intel_install_wJRE_en-US.exe

[2009.07.03 13:43:48 | 017,950,304 | ---- | C] (                                                            ) -- C:\Programme\gimp-2.4.6-i686-setup.exe

 
 ========== ZeroAccess Check ==========

 

[2009.10.24 11:43:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.29 05:33:23 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

Code:

OTL Extras logfile created on: 05.02.2013 11:40:16 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Programme

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: *** | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,36 Mb Total Physical Memory | 406,45 Mb Available Physical Memory | 40,07% Memory free

2,38 Gb Paging File | 1,81 Gb Available in Paging File | 75,86% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 71,29 Gb Total Space | 37,38 Gb Free Space | 52,44% Space Free | Partition Type: NTFS

Drive E: | 71,90 Gb Total Space | 11,79 Gb Free Space | 16,39% Space Free | Partition Type: NTFS

 

Computer Name: *** | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Programme\Opera 10.01 STANDARD\opera.exe (Opera Software)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Programme\Opera 10.01 STANDARD\opera.exe" (Opera Software)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VLC 1.0.5.\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with FastStone] -- "C:\Programme\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [dm Fotowelt] -- "C:\Programme\dm\dm Fotowelt\dm Fotowelt.exe" "%1"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VLC 1.0.5.\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\Programme\Opera 10.50 Beta\opera.exe" = C:\Programme\Opera 10.50 Beta\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Programme\Opera 10.01 neu\opera.exe" = C:\Programme\Opera 10.01 neu\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51

"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F0AD6E9-83F8-40DB-8ED2-6534DC26B3C0}" = Opera 10.50

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7A690610-D345-4889-98E0-CC2153718A46}_is1" = Mausarm 1.0.1

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95A36786-E9A6-4CC8-AE28-29D038DDBDC6}" = Opera 11.52

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite

"{BD49141C-188C-4B75-9F46-C2C42F2D1031}" = Nero 7 Essentials

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2

"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Avira AntiVir Desktop" = Avira Free Antivirus

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"EPSON PX700W Series" = EPSON PX700W Series Printer Uninstall

"EPSON Scanner" = EPSON Scan

"EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Benutzerhandbuch" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Handbuch

"FastStone Image Viewer" = FastStone Image Viewer 4.6

"Fox Magic Audio Recorder_is1" = Fox Magic Audio Recorder 1.0

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Netzmanager" = Netzmanager

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Toolbar3_is1" = Toolbar 3.0 der Telekom

"Trillian" = Trillian

"VLC media player" = VLC media player 1.0.5

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"YTdetect" = Yahoo! Detect

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 03.01.2013 19:51:29 | Computer Name = *** | Source = Windows Search Service | ID = 3024

Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf

 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung

 erneut.  Kontext: Windows Anwendung, SystemIndex Katalog 

 

Error - 16.01.2013 07:46:11 | Computer Name = *** | Source = Windows Search Service | ID = 3013

Description = Eintrag <C:\__E - VERSCHOBENEN DATEIEN\FOTOS & BILDER VON E AUF C\MARILYN\44-45_DAVID

 CONOVER\45-B.SUMMER_DUNGAREES & STRIPED_CONOVER (04C).JPG> in der Hash-Zuordnung

 kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex Katalog  Details:

        Ein

 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 

 

[ System Events ]

Error - 04.02.2013 12:11:31 | Computer Name = *** | Source = Service Control Manager | ID = 7016

Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:

 0

 

Error - 04.02.2013 12:38:31 | Computer Name = *** | Source = Service Control Manager | ID = 7016

Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:

 0

 

 

< End of report >

Übrigens sind die Befehle im aktuellen OTL fast alle auf Deutsch (z.B. Minimal-Ausgabe anstatt Minimal Output), nur für dich zur Info. Ich hoffe, mal, ich hab trotzdem die richtigen Buttons gedrückt.