Trojaner-Board - Fenster links unten in allen Browsern mit lästiger Werbung, teilweise falsche link weiterleitung, UpdatusUser in C:\Dokumente und Einstellu

Danke Leo für deine Gedult,

es war mein Fehler hatte in der Systemsteuerung Sicherheit auf hoch eingestellt gehabt. Jezt bei Standart beomme ich wieder Zugriff auf die neu heruntergeladenen Anwendungen und konnte so die Dateien erstellen. Hinweis für OTL mein Trojaner könnte älter sein als 30 Tage ich habe die Fenster einfach immer wieder geschlossen. Beim Scan war file age 30 Tage eingestellt.

Log von Gmer:GMER Logfile:

Code:

GMER 2.1.18952 - GMER - Rootkit Detector and Remover

Rootkit scan 2013-02-14 18:25:46

Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500620AS rev.HP12 465,76GB

Running: j1d1twbu.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kxtcypod.sys
 
 

---- System - GMER 2.1 ----
 

SSDT            B8741374                                                                                                   ZwClose

SSDT            B874132E                                                                                                   ZwCreateKey

SSDT            B874137E                                                                                                   ZwCreateSection

SSDT            B8741356                                                                                                   ZwCreateSymbolicLinkObject

SSDT            B8741324                                                                                                   ZwCreateThread

SSDT            B8741333                                                                                                   ZwDeleteKey

SSDT            B874133D                                                                                                   ZwDeleteValueKey

SSDT            B874136F                                                                                                   ZwDuplicateObject

SSDT            B874135B                                                                                                   ZwLoadDriver

SSDT            B8741342                                                                                                   ZwLoadKey

SSDT            B8741310                                                                                                   ZwOpenProcess

SSDT            B8741351                                                                                                   ZwOpenSection

SSDT            B8741315                                                                                                   ZwOpenThread

SSDT            B8741397                                                                                                   ZwQueryValueKey

SSDT            B874134C                                                                                                   ZwReplaceKey

SSDT            B8741388                                                                                                   ZwRequestWaitReplyPort

SSDT            B8741347                                                                                                   ZwRestoreKey

SSDT            B8741383                                                                                                   ZwSetContextThread

SSDT            B874138D                                                                                                   ZwSetSecurityObject

SSDT            B8741360                                                                                                   ZwSetSystemInformation

SSDT            B8741338                                                                                                   ZwSetValueKey

SSDT            B8741392                                                                                                   ZwSystemDebugControl

SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xB4C7A640]

SSDT            B874131A                                                                                                   ZwWriteVirtualMemory
 

---- Kernel code sections - GMER 2.1 ----
 

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                   section is writeable [0xB7666360, 0x3441C7, 0xE8000020]

?               C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys                                                 Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch. !
 

---- User code sections - GMER 2.1 ----
 

.text           C:\WINDOWS\system32\SearchIndexer.exe[1672] kernel32.dll!WriteFile                                         7C8112FF 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                   fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- EOF - GMER 2.1 ----

--- --- ---

Log von OTL:OTL Logfile:

Code:

OTL logfile created on: 14.02.2013 18:34:59 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,84% Memory free

3,85 Gb Paging File | 3,10 Gb Available in Paging File | 80,50% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,66 Gb Total Space | 33,84 Gb Free Space | 34,65% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 128,92 Gb Free Space | 35,02% Space Free | Partition Type: NTFS

Drive E: | 155,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 1,90 Gb Total Space | 1,33 Gb Free Space | 70,13% Space Free | Partition Type: FAT

 

Computer Name: PC-OFFICE | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)

PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()

PRC - C:\Programme\MultiScreen\MultiScreen.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()

MOD - C:\Programme\MultiScreen\MultiScreen.exe ()

MOD - C:\Programme\MultiScreen\MGResGer.dll ()

MOD - C:\Programme\MultiScreen\SmartMouseDll.dll ()

MOD - C:\Programme\MultiScreen\TitleBar.dll ()

MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u_VC8.dll ()

MOD - C:\WINDOWS\system32\redmonnt.dll ()

MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()

MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\PlayRIpl.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe File not found

SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe File not found

SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (IDriverT) -- C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (XE103Sp50) -- System32\Drivers\XE103Sp50.sys File not found

DRV - (WDICA) --  File not found

DRV - (UsbserFilt) -- system32\DRIVERS\usbser_lowerfltj.sys File not found

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (PLCND532) -- System32\Drivers\PLCND532.sys File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found

DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (cpuz132) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found

DRV - (Changer) --  File not found

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NPF_devolo) -- C:\WINDOWS\system32\drivers\npf_devolo.sys (CACE Technologies)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=crm&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=38e7eb38-20f7-4b38-b2d2-c08916eef00e&apn_sauid=7D808DDA-7FA3-4AEA-B816-C15858EF99F2

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes\{5F8FAE8B-F1B0-4249-BB0E-97F398CBC45F}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=38e7eb38-20f7-4b38-b2d2-c08916eef00e&apn_ptnrs=%5EAGU&apn_sauid=7D808DDA-7FA3-4AEA-B816-C15858EF99F2&apn_dtid=%5EYYYYYY%5EYY%5EAT&&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.05 23:43:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.05 23:43:17 | 000,000,000 | ---D | M]

 

[2009.02.18 20:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2013.02.14 11:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions

[2012.12.18 10:07:08 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions\toolbar@ask.com

[2013.02.14 11:35:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.12.18 10:07:08 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\searchplugins\askcom.xml

[2013.02.05 23:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.02.05 23:43:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.02.05 23:43:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013.02.05 23:43:24 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 15:38:54 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - Extension: Satellite Online TV = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aniecmkkinhaaeeghhjgohmjlcnlfgcm\1.3.2_0\

CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Maps and Earth = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\hppiciinjfjmpgeofldemcepljbepnda\1.0_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.07.07 09:50:08 | 000,001,401 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 68.168.222.227 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.

O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.

O1 - Hosts: 68.168.222.227 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.

O1 - Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [HP-Diags] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\HPISPz\hpdom\hpdiags.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\.DEFAULT..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden File not found

O4 - HKU\.DEFAULT..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKU\S-1-5-18..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden File not found

O4 - HKU\S-1-5-18..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKU\S-1-5-21-1422273387-519994863-429366401-500..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKU\S-1-5-21-1422273387-519994863-429366401-500..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Com4Tel [2013.02.08 13:52:31 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)

O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234177490890 (MUWebControl Class)

O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFB8A2F-2ADD-4D0A-ACF5-55BDAB68EB5C}: DhcpNameServer = 192.168.0.9

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.02.09 09:12:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2012.03.06 14:41:25 | 017,174,552 | R--- | M] (devolo AG) - E:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2012.03.06 14:41:01 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{dd38109a-07d4-11de-87be-002185d076ae}\Shell\AutoRun\command - "" = J:\web'n'walk_Helper.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.14 14:43:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL(1).exe

[2013.02.11 21:46:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

[2013.02.11 21:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

[2013.02.11 21:46:20 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware

[2013.02.11 18:30:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2013.02.11 18:30:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013.02.11 18:30:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013.02.11 18:30:50 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013.02.10 19:41:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2013.02.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2013.02.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\MFAData

[2013.02.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Avg2013

[2013.02.07 21:50:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2013.02.07 21:23:24 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2013.02.07 19:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DriverCure

[2013.02.07 19:40:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SpeedMaxPc

[2013.02.07 19:40:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedMaxPc

[2013.02.07 17:22:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\McAfee

[2013.02.05 23:43:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2013.02.01 21:14:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2013.02.01 21:13:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2013.02.01 21:13:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2013.02.01 21:13:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013.02.01 21:13:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2013.02.01 20:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth

[2013.01.26 21:18:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\PIL Login page-Dateien

[2013.01.21 15:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\devolo

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.14 18:42:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2013.02.14 18:34:01 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.14 18:31:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.02.14 18:30:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.14 18:30:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\PCCT - MAGIX AG.job

[2013.02.14 18:30:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.02.14 18:17:10 | 000,001,242 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1422273387-519994863-429366401-500UA.job

[2013.02.14 18:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.02.14 14:52:46 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable

[2013.02.14 14:45:36 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\j1d1twbu.exe

[2013.02.14 14:44:25 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger(1).exe

[2013.02.14 14:42:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL(1).exe

[2013.02.14 13:47:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 0a0d977d-d4ea-4456-a42b-3188a2ea2c2b.job

[2013.02.14 03:29:02 | 000,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.02.14 03:08:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.02.14 03:04:34 | 000,477,524 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.02.14 03:04:34 | 000,435,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.02.14 03:04:34 | 000,091,594 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.02.14 03:04:34 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.02.14 02:00:16 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1696affe-5393-465f-a07d-c14216770ca6.job

[2013.02.13 23:17:01 | 000,001,190 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1422273387-519994863-429366401-500Core.job

[2013.02.13 14:54:11 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.02.12 08:07:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013.02.11 21:46:23 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013.02.11 18:30:40 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2013.02.11 18:30:40 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2013.02.11 18:30:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013.02.11 18:30:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013.02.11 18:30:40 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2013.02.11 18:30:40 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013.02.11 18:30:39 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2013.02.08 18:16:32 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013.02.08 18:16:31 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013.02.06 10:40:19 | 000,000,009 | ---- | M] () -- C:\WINDOWS\tasks\apc.cache

[2013.02.01 21:13:53 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.31 16:19:26 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk

[2013.01.29 22:55:49 | 000,001,019 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini

[2013.01.26 21:18:57 | 000,007,573 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PIL Login page.htm

[2013.01.26 04:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

[2013.01.22 23:33:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013.01.21 15:42:50 | 000,001,751 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dLAN AVpro manager.lnk

[2013.01.18 22:38:03 | 003,619,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.14 14:52:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable

[2013.02.14 14:45:48 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\j1d1twbu.exe

[2013.02.14 14:44:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger(1).exe

[2013.02.11 21:47:16 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1696affe-5393-465f-a07d-c14216770ca6.job

[2013.02.11 21:47:16 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 0a0d977d-d4ea-4456-a42b-3188a2ea2c2b.job

[2013.02.11 21:46:23 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013.02.06 10:40:19 | 000,000,009 | ---- | C] () -- C:\WINDOWS\tasks\apc.cache

[2013.02.01 21:13:53 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.26 21:18:55 | 000,007,573 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PIL Login page.htm

[2013.01.21 15:42:50 | 000,001,751 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dLAN AVpro manager.lnk

[2013.01.20 00:51:23 | 006,144,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\avproman.pdf

[2013.01.10 04:10:17 | 000,925,864 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2012.08.19 11:22:40 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

[2012.07.25 08:15:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.02.15 23:54:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.09.24 12:58:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011.09.24 12:58:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011.09.24 12:58:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011.09.24 12:58:03 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011.09.11 13:58:32 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2011.08.31 18:03:48 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe

[2011.08.24 16:20:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI

[2009.10.12 22:11:57 | 000,045,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.26 16:04:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\rx_image.Cache

[2009.03.03 15:19:10 | 000,022,641 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft Access.ADR

[2009.02.11 13:52:42 | 000,072,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat

 
 ========== ZeroAccess Check ==========

 

[2009.02.09 12:16:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 02:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 14.02.2013 18:34:59 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,84% Memory free

3,85 Gb Paging File | 3,10 Gb Available in Paging File | 80,50% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,66 Gb Total Space | 33,84 Gb Free Space | 34,65% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 128,92 Gb Free Space | 35,02% Space Free | Partition Type: NTFS

Drive E: | 155,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 1,90 Gb Total Space | 1,33 Gb Free Space | 70,13% Space Free | Partition Type: FAT

 

Computer Name: PC-OFFICE | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.EDY7DE26IT25WRYYOUTUW4JPP4] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- Reg Error: Value error.

https [open] -- Reg Error: Value error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater

"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process 

"C:\Programme\WS_FTP\WS_FTP95.exe" = C:\Programme\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Programme\devolo\dlanavpromanager\avpromanager.exe" = C:\Programme\devolo\dlanavpromanager\avpromanager.exe:*:Enabled:devolo dLAN AVpro manager -- (devolo AG)

"C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe" = C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe:*:Enabled:Samsung AllShare Service

"C:\Programme\Samsung\AllShare\AllShare.exe" = C:\Programme\Samsung\AllShare\AllShare.exe:*:Enabled:Samsung AllShare Player

"C:\Programme\Samsung\AllShare\AllShareAgent.exe" = C:\Programme\Samsung\AllShare\AllShareAgent.exe:*:Enabled:Samsung AllShare Agent

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}" = Brother MFL-Pro Suite MFC-6490CW

"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{040D1A85-B611-9993-AE2C-96416C0C5B0B}" = CCC Help Japanese

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0C300F30-CD82-930F-3521-C10C98D2CA54}" = CCC Help French

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0EB82BB5-F16A-4906-A001-CE8AFC65BBE5}" = MAGIX Fotos auf DVD 2013 Deluxe

"{0EDB0E51-98BE-A373-286E-949CE9C002C0}" = Catalyst Control Center Localization French

"{0F7FA399-10EF-9215-E532-7E3DF5C6691B}" = CCC Help Russian

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1C1B0C86-FC99-00C2-10E8-17DE3153245A}" = Catalyst Control Center Graphics Full Existing

"{1C52C11F-CABE-0964-CD11-0ABEDC49CC27}" = CCC Help Czech

"{1EB9143F-0B7D-062A-E0F5-591FCDAAD2D1}" = ccc-core-static

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{21626C9C-C23E-5E4F-5413-465619E4B80A}" = Catalyst Control Center Localization Spanish

"{268F703B-1628-F2FA-968A-74934894DBB1}" = CCC Help Norwegian

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13

"{26A8B301-A93A-59BA-0ACA-C2A997B0EE87}" = Catalyst Control Center Core Implementation

"{28A70C20-7CAB-CC63-0B35-EE8375D33FC5}" = Catalyst Control Center Localization Czech

"{2A3BA296-9E2B-3901-5DFE-21DD97111E85}" = CCC Help Danish

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{305EA29C-2502-39FE-73CE-C578BA496B0D}" = CCC Help Turkish

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{38C9D10F-8A49-09AF-15E5-D47B2FDBEC0C}" = CCC Help Italian

"{450CFD4D-7E60-3839-D0FA-56DB08675447}" = dLAN Cockpit

"{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A2607B0-2E92-7664-A3CB-0145E70B3B88}" = CCC Help Chinese Standard

"{4CB7544E-0EB9-86E2-9311-D962042E8D6A}" = Catalyst Control Center Localization Dutch

"{4D134965-B04C-E9A6-EEE2-8266E35B532B}" = CCC Help Swedish

"{4F788AB9-6295-0582-DBD6-F40AC3BB64E6}" = CCC Help Polish

"{578CD35B-D09E-5E7B-F13D-E32403C6B248}" = Skins

"{59A72098-8E27-0331-E760-5F7BED843834}" = Catalyst Control Center Localization Norwegian

"{5A2C499A-B689-4CF4-8441-DD659164B939}" = MAGIX Speed burnR (MSI)

"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR

"{5B565403-C0F9-0841-2A39-F17AC8AD5D73}" = Catalyst Control Center Localization Russian

"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard

"{5FB68A40-3F22-E66A-523E-4BBEEB5AFA36}" = CCC Help Chinese Traditional

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{67176D8E-3563-1BE3-EC3B-4862B2368D0B}" = Catalyst Control Center Graphics Full New

"{6BB9609E-E712-52AE-6600-1959C57F8C33}" = VVT TimeView

"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6E6FF6CD-9CF3-4434-BB5D-24943FD54FFC}" = MAGIX Foto Manager MX Deluxe

"{6EAB5CEE-D92A-050A-1111-FEEAD2289815}" = CCC Help Finnish

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{760A765D-DE1D-6D8F-DE46-2452EB921F95}" = Catalyst Control Center Localization Thai

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7D80F3EA-A307-046D-9E3D-D55E615E01B4}" = Catalyst Control Center Graphics Light

"{7FAC6A26-7A86-45C5-A8C9-EA0469493751}" = Fotos auf DVD 2013 Deluxe Update

"{81C037CE-E2E6-86B8-4166-AB066E3811AE}" = ccc-core-preinstall

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{8403DCC6-1818-AA0F-C8C0-20BFB58FFA86}" = CCC Help Dutch

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E921590-3B1C-1A44-3A71-929429288D78}" = Catalyst Control Center Localization Portuguese

"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{913E0B2A-33D2-80AF-1950-4B6192ABE788}" = CCC Help Korean

"{923A0208-C81E-2393-6352-9851DDD17F12}" = CCC Help Portuguese

"{98262B6F-341B-30CA-0D01-1C9F5BAC6A3B}" = CCC Help Greek

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3EA0D72-508F-73C0-AE38-AF9C7F1D1D90}" = Catalyst Control Center Localization Polish

"{A41DF9EB-AF70-DFC5-B097-D307C440362C}" = Catalyst Control Center Localization Chinese Traditional

"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager

"{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A98FEF3A-0175-0A74-CFF8-022671D19F0C}" = Catalyst Control Center Localization Turkish

"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch

"{ADFDA1A6-DD18-44AA-A4FB-CDE2F00A59D5}" = Catalyst Control Center - Branding

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B995F1C0-7AAC-4378-AD11-9A0ECF05A4B6}" = MAGIX Online Druck Service

"{BCD45997-059C-73A5-E705-324F28912973}" = Catalyst Control Center Localization Chinese Standard

"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2

"{BE89CC37-B5F6-4AC9-8E5B-1152DCA35AEA}" = MAGIX Foto Premium 10

"{C02D9CE7-99F5-6D2A-4247-1B0F0158F60A}" = CCC Help English

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0FCF981-59C5-0768-AB93-4CB3DDE448D7}" = Catalyst Control Center Localization Greek

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C8578CA1-4171-E217-27D7-9AC9DDD56D72}" = Catalyst Control Center Localization Hungarian

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CD7F2B92-7FBE-6FFB-0089-34C14871E35C}" = ccc-utility

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D087FF0C-CCBD-AD0F-FC92-F879DFD3365B}" = Catalyst Control Center Localization German

"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0

"{DB2514BB-F044-369F-E8DC-73C49C7F34DE}" = Catalyst Control Center Localization Swedish

"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver

"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution

"{DE87E4F8-FB4F-DE67-F077-7D1565934CC1}" = Catalyst Control Center Localization Finnish

"{E0E1F46C-F369-FFC7-4DDC-FA31716EAE68}" = CCC Help Hungarian

"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen

"{E4D96780-A590-B2EF-293E-94C457D4FD86}" = Catalyst Control Center Localization Japanese

"{E7648534-1301-CD0A-01EA-E45EED36CB2F}" = Catalyst Control Center Localization Danish

"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser

"{EBCAF9DA-F46E-A965-E178-36FBE249C6D7}" = CCC Help German

"{EC30923B-B842-B810-6C14-196FC2E4341E}" = Catalyst Control Center Localization Korean

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0EC1F96-20F7-0B38-AF5B-58E7040065DC}" = CCC Help Spanish

"{F394BEFF-527E-4038-A6D4-A68D795A4E40}" = MAGIX Screenshare

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F4752B11-C032-104B-EB38-BA5EB2391A91}" = CCC Help Thai

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F6456914-2174-BE2A-D051-22E56A8E0788}" = Catalyst Control Center Localization Italian

"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = eXPert PDF 6

"{FC53E9D6-DC7F-42B7-90ED-804F4184BD18}" = NETGEAR XAV101v2 and XAV1501 Configuration Utility

"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller

"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira Antivirus Premium

"Com4Tel" = Com4Tel B5

"DeInst_d2vexcrd C:/Programme/Austrian Map Fly" = AMap Fly basierend auf Geogrid®-Viewer Version 3.1

"dlanavmanager" = devolo dLAN AVpro manager

"DXF Editor 1" = DXF Editor 1

"ESET Online Scanner" = ESET Online Scanner v3

"FreePDF_XP" = FreePDF XP (Remove only)

"Geogrid_DPV" = Geogrid® DPV

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{FC53E9D6-DC7F-42B7-90ED-804F4184BD18}" = NETGEAR XAV101v2 and XAV1501-Konfigurationsprogramm

"Invekos-GIS" = Invekos-GIS

"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.25.701 (D)

"MAGIX_{0EB82BB5-F16A-4906-A001-CE8AFC65BBE5}" = MAGIX Fotos auf DVD 2013 Deluxe

"MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2

"MAGIX_{5A2C499A-B689-4CF4-8441-DD659164B939}" = MAGIX Speed burnR (MSI)

"MAGIX_{6E6FF6CD-9CF3-4434-BB5D-24943FD54FFC}" = MAGIX Foto Manager MX Deluxe

"MAGIX_MSI_Foto_Grafik_Designer_6_FP10" = MAGIX Foto & Grafik Designer 6

"MAGIX_MSI_Foto_Premium_10" = MAGIX Foto Premium 10

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"VLC media player" = VLC media player 2.0.5

"vvt.at.vvtmonitor" = VVT TimeView

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinPcapInst" = WinPcap 4.0.2

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 06.02.2013 18:22:38 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 11:08:55 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 11:08:55 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 11:08:55 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 16:42:43 | Computer Name = PC-OFFICE | Source = SamsungAllShareV2.0 | ID = 0

Description = 

 

Error - 09.02.2013 04:44:13 | Computer Name = PC-OFFICE | Source = Windows Search Service | ID = 3038

Description = Gatherer kann Registrierung DocIdMapFile nicht lesen.  Kontext:  Anwendung,

 SystemIndex Katalog  Details:  Das System kann die angegebene Datei nicht finden.  

 (0x80070002) 

 

Error - 09.02.2013 04:44:21 | Computer Name = PC-OFFICE | Source = Windows Search Service | ID = 3028

Description = Das Gatherer-Objekt kann nicht initialisiert werden.  Kontext: Windows

 Anwendung, SystemIndex Katalog  Details:  Der Registrierungswert kann nicht gelesen

 werden, da die Konfiguration ungültig ist. Erstellen Sie die Inhaltsindexkonfiguration

 erneut, indem Sie den Inhaltsindex entfernen.   (0x80040d03) 

 

Error - 09.02.2013 04:44:21 | Computer Name = PC-OFFICE | Source = Windows Search Service | ID = 3058

Description = Die Anwendung kann nicht initialisiert werden.  Kontext: Windows Anwendung
 

Details:

        Der

 Registrierungswert kann nicht gelesen werden, da die Konfiguration ungültig ist.

 Erstellen Sie die Inhaltsindexkonfiguration erneut, indem Sie den Inhaltsindex 

entfernen.   (0x80040d03) 

 

Error - 11.02.2013 13:18:36 | Computer Name = PC-OFFICE | Source = Userenv | ID = 1512

Description = Die Registrierungsdatei konnte nicht entladen werden. Der für die 

Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. Dies wird oft 

durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen

 Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen.

 Wenden Sie sich an den Netzwerkadministrator, wenn das Problem weiterhin besteht.

       Details - Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

 

 

Error - 13.02.2013 22:11:43 | Computer Name = PC-OFFICE | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Failed to compile: System.Web.DynamicData, Version=3.5.0.0, Culture=neutral, 

PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020  

 

[ Application Events ]

Error - 06.02.2013 18:22:38 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 11:08:55 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 11:08:55 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 11:08:55 | Computer Name = PC-OFFICE | Source = Bonjour Service | ID = 100

Description = 

 

Error - 07.02.2013 16:42:43 | Computer Name = PC-OFFICE | Source = SamsungAllShareV2.0 | ID = 0

Description = 

 

Error - 09.02.2013 04:44:13 | Computer Name = PC-OFFICE | Source = Windows Search Service | ID = 3038

Description = Gatherer kann Registrierung DocIdMapFile nicht lesen.  Kontext:  Anwendung,

 SystemIndex Katalog  Details:  Das System kann die angegebene Datei nicht finden.  

 (0x80070002) 

 

Error - 09.02.2013 04:44:21 | Computer Name = PC-OFFICE | Source = Windows Search Service | ID = 3028

Description = Das Gatherer-Objekt kann nicht initialisiert werden.  Kontext: Windows

 Anwendung, SystemIndex Katalog  Details:  Der Registrierungswert kann nicht gelesen

 werden, da die Konfiguration ungültig ist. Erstellen Sie die Inhaltsindexkonfiguration

 erneut, indem Sie den Inhaltsindex entfernen.   (0x80040d03) 

 

Error - 09.02.2013 04:44:21 | Computer Name = PC-OFFICE | Source = Windows Search Service | ID = 3058

Description = Die Anwendung kann nicht initialisiert werden.  Kontext: Windows Anwendung
 

Details:

        Der

 Registrierungswert kann nicht gelesen werden, da die Konfiguration ungültig ist.

 Erstellen Sie die Inhaltsindexkonfiguration erneut, indem Sie den Inhaltsindex 

entfernen.   (0x80040d03) 

 

Error - 11.02.2013 13:18:36 | Computer Name = PC-OFFICE | Source = Userenv | ID = 1512

Description = Die Registrierungsdatei konnte nicht entladen werden. Der für die 

Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. Dies wird oft 

durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen

 Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen.

 Wenden Sie sich an den Netzwerkadministrator, wenn das Problem weiterhin besteht.

       Details - Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

 

 

Error - 13.02.2013 22:11:43 | Computer Name = PC-OFFICE | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Failed to compile: System.Web.DynamicData, Version=3.5.0.0, Culture=neutral, 

PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020  

 

[ System Events ]

Error - 07.02.2013 16:37:23 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst ServiceLayer.

 

Error - 07.02.2013 16:37:23 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 07.02.2013 16:37:26 | Computer Name = PC-OFFICE | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "ServiceLayer"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}

 

Error - 07.02.2013 16:37:26 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst ServiceLayer.

 

Error - 07.02.2013 16:37:26 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 09.02.2013 04:44:24 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem

 Fehler beendet: 2147749155 (0x80040D23).

 

Error - 09.02.2013 04:45:03 | Computer Name = PC-OFFICE | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error - 09.02.2013 04:45:03 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows

 Search.

 

Error - 09.02.2013 04:45:03 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 11.02.2013 13:24:51 | Computer Name = PC-OFFICE | Source = Service Control Manager | ID = 7034

Description = Dienst "Kaspersky Security Scan Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

 

< End of report >

--- --- ---

Hallo Leo,

danke für die schnelle antwort. Hier die gewünschten logs:

# AdwCleaner v2.112 - Datei am 14/02/2013 um 21:28:59 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - PC-OFFICE
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\searchplugins\Askcom.xml
Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AskToolbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Ordner Gelöscht : C:\Programme\Ask.com
Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17117

Combofix Logfile:

Code:

ComboFix 13-02-13.02 - Administrator 14.02.2013  21:45:30.1.4 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.43.1031.18.2047.1347 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Administrator\WINDOWS

c:\dokumente und einstellungen\All Users\Anwendungsdaten\DragToDiscUserNameE.txt

c:\windows\IsUn0407.exe

D:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-01-14 bis 2013-02-14  ))))))))))))))))))))))))))))))

.

.

2013-02-11 20:46 . 2013-02-11 20:46        --------        dc----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

2013-02-11 20:46 . 2013-02-14 17:31        --------        d-----w-        c:\programme\SUPERAntiSpyware

2013-02-11 20:46 . 2013-02-11 20:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

2013-02-11 17:30 . 2013-02-11 17:30        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2013-02-10 18:41 . 2013-02-10 19:52        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData

2013-02-10 18:41 . 2013-02-10 18:41        --------        d--h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files

2013-02-10 18:41 . 2013-02-10 18:41        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\MFAData

2013-02-10 18:41 . 2013-02-10 18:41        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Avg2013

2013-02-07 20:23 . 2013-02-07 20:23        --------        d-----w-        c:\programme\ESET

2013-02-07 18:40 . 2013-02-07 18:40        --------        dc----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DriverCure

2013-02-07 18:40 . 2013-02-07 18:40        --------        dc----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SpeedMaxPc

2013-02-07 18:40 . 2013-02-11 16:24        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SpeedMaxPc

2013-02-07 16:22 . 2013-02-07 16:22        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\McAfee

2013-02-01 20:14 . 2013-02-01 20:14        --------        dc----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2013-02-01 20:13 . 2013-02-01 20:13        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2013-02-01 20:13 . 2013-02-01 20:13        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2013-02-01 20:13 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-11 17:30 . 2012-07-09 20:07        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll

2013-02-11 17:30 . 2012-07-09 20:07        143872        ----a-w-        c:\windows\system32\javacpl.cpl

2013-02-11 17:30 . 2011-03-03 14:56        782240        ----a-w-        c:\windows\system32\deployJava1.dll

2013-02-08 17:16 . 2012-04-06 08:06        697712        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-02-08 17:16 . 2011-05-21 09:00        74096        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-26 03:55 . 2008-04-14 06:52        552448        --sh--w-        c:\windows\system32\oleaut32.dll

2013-01-07 07:24 . 2008-04-14 06:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-01-07 07:24 . 2008-04-14 07:30        2030080        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2013-01-04 10:09 . 2008-04-14 06:23        1867392        ----a-w-        c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2008-04-14 06:53        148992        ----a-w-        c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2008-04-14 06:52        1297920        ----a-w-        c:\windows\system32\quartz.dll

2012-12-26 20:37 . 2008-04-14 06:52        832512        ----a-w-        c:\windows\system32\wininet.dll

2012-12-26 20:37 . 2008-04-14 06:53        1830912        ------w-        c:\windows\system32\inetcpl.cpl

2012-12-26 20:37 . 2008-04-14 06:52        78336        ----a-w-        c:\windows\system32\ieencode.dll

2012-12-26 20:37 . 2008-04-14 06:52        17408        ----a-w-        c:\windows\system32\corpol.dll

2012-12-18 08:57 . 2012-12-18 09:06        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-12-18 08:57 . 2012-12-18 09:06        83944        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-12-18 08:57 . 2012-12-18 09:06        134336        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-12-16 12:23 . 2008-04-14 06:50        290560        ----a-w-        c:\windows\system32\atmfd.dll

2012-11-20 13:55 . 2012-11-20 13:55        81920        ----a-w-        c:\windows\system32\devolopacket.dll

2012-11-20 13:55 . 2012-11-20 13:55        35840        ----a-w-        c:\windows\system32\drivers\npf_devolo.sys

2012-11-20 13:55 . 2012-11-20 13:55        221184        ----a-w-        c:\windows\system32\devolopcap.dll

2013-02-05 22:43 . 2013-02-05 22:43        262552        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

2011-02-08 13:33        978944        --sha-w-        c:\windows\system32\mfc42.dll

2008-04-14 06:52        57344        --sh--w-        c:\windows\system32\msvcirt.dll

2008-04-14 06:52        413696        --sh--w-        c:\windows\system32\msvcp60.dll

2008-04-14 06:52        343040        --sh--w-        c:\windows\system32\msvcrt.dll

2008-04-14 06:52        84992        --sh--w-        c:\windows\system32\olepro32.dll

2008-04-14 06:53        12288        --sh--w-        c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MultiScreen"="c:\programme\MultiScreen\MultiScreen.exe" [2009-08-11 303104]

"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]

"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]

"NvMediaCenter"="NvMCTray.dll" [2007-11-06 81920]

"nwiz"="nwiz.exe" [2007-11-06 1626112]

"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2012-10-25 421888]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-02-07 385248]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MultiScreen"="c:\programme\MultiScreen\MultiScreen.exe" [2009-08-11 303104]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Com4Tel

Com4Tel Hilfethemen.lnk - c:\windows\Help\Com4tel.hlp [2009-2-18 570693]

Com4Tel.lnk - c:\programme\Tenovis\Com4Tel\com4tel.exe [2009-2-18 278528]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\WS_FTP\\WS_FTP95.exe"=

"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Programme\\devolo\\dlanavpromanager\\avpromanager.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18.12.2012 10:06 36552]

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]

R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [11.07.2012 19:54 116608]

R2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [18.12.2012 10:06 400608]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.12.2012 10:06 86752]

R2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [18.12.2012 10:06 565472]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [24.05.2011 09:33 1840128]

R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [01.02.2013 21:13 398184]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [20.11.2012 14:55 35840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.07.2008 11:31 44800]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01.02.2013 21:13 21104]

S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [01.02.2013 21:13 682344]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [26.04.2011 12:54 2702848]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06.11.2007 21:22 34064]

S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys --> c:\windows\system32\Drivers\PLCND532.sys [?]

S3 XE103Sp50;XE103Sp50 NDIS Protocol Driver;c:\windows\system32\Drivers\XE103Sp50.sys --> c:\windows\system32\Drivers\XE103Sp50.sys [?]

.

Inhalt des "geplante Tasks" Ordners

.

2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:16]

.

2013-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-09 15:38]

.

2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-09 15:38]

.

2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422273387-519994863-429366401-500Core.job

- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-12-27 22:07]

.

2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422273387-519994863-429366401-500UA.job

- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-12-27 22:07]

.

2013-02-14 c:\windows\Tasks\PCCT - MAGIX AG.job

- c:\progra~1\MAGIX\PC_CHE~1\MxTray.exe [2010-01-21 07:13]

.

2013-02-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0a0d977d-d4ea-4456-a42b-3188a2ea2c2b.job

- c:\programme\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-02-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1696affe-5393-465f-a07d-c14216770ca6.job

- c:\programme\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://google.de/

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.0.9

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - ExtSQL: 2012-12-18 10:07; toolbar@ask.com; c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions\toolbar@ask.com

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKU-Default-Run-LightScribe Control Panel - c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe

AddRemove-Com4Tel - c:\windows\IsUn0407.exe

AddRemove-Austrian Map Fly - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-02-14 21:50

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@DACL=(02 0010)

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

@DACL=(02 0010)

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@DACL=(02 0010)

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@DACL=(02 0010)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@DACL=(02 0010)

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@DACL=(02 0010)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@DACL=(02 0010)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(800)

c:\programme\Avira\AntiVir Desktop\avsda.dll

.

Zeit der Fertigstellung: 2013-02-14  21:52:38

ComboFix-quarantined-files.txt  2013-02-14 20:52

.

Vor Suchlauf: 8 Verzeichnis(se), 36.200.349.696 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 36.796.440.576 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 2B7E83A0AFBAE9AED1F6F57A385E9A04OTL Logfile:

--- --- ---

Code:

OTL logfile created on: 14.02.2013 21:57:18 - Run 5

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,54% Memory free

3,85 Gb Paging File | 3,35 Gb Available in Paging File | 87,03% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 97,66 Gb Total Space | 34,27 Gb Free Space | 35,09% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 128,91 Gb Free Space | 35,02% Space Free | Partition Type: NTFS

Drive E: | 155,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 1,90 Gb Total Space | 1,33 Gb Free Space | 70,13% Space Free | Partition Type: FAT

 

Computer Name: PC-OFFICE | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\updrgui.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Programme\Avira\AntiVir Desktop\scewxmlw.dll ()

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\WINDOWS\system32\redmonnt.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe File not found

SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe File not found

SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (IDriverT) -- C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (XE103Sp50) -- System32\Drivers\XE103Sp50.sys File not found

DRV - (WDICA) --  File not found

DRV - (UsbserFilt) -- system32\DRIVERS\usbser_lowerfltj.sys File not found

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (PLCND532) -- System32\Drivers\PLCND532.sys File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found

DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found

DRV - (mbr) -- C:\ComboFix\mbr.sys File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (Changer) --  File not found

DRV - (catchme) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys File not found

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NPF_devolo) -- C:\WINDOWS\system32\drivers\npf_devolo.sys (CACE Technologies)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\@5\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1422273387-519994863-429366401-1007\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes\{5F8FAE8B-F1B0-4249-BB0E-97F398CBC45F}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1422273387-519994863-429366401-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.05 23:43:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.05 23:43:17 | 000,000,000 | ---D | M]

 

[2009.02.18 20:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2013.02.14 21:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions

[2013.02.14 11:35:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\x769mq17.default-1352027038390\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.02.05 23:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.02.05 23:43:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013.02.05 23:43:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013.02.05 23:43:24 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 15:38:54 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - Extension: Satellite Online TV = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aniecmkkinhaaeeghhjgohmjlcnlfgcm\1.3.2_0\

CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Maps and Earth = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\hppiciinjfjmpgeofldemcepljbepnda\1.0_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013.02.14 21:50:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\.DEFAULT..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKU\@4..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden File not found

O4 - HKU\@5..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden File not found

O4 - HKU\S-1-5-18..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKU\S-1-5-21-1422273387-519994863-429366401-500..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKU\S-1-5-21-1422273387-519994863-429366401-500..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Com4Tel [2013.02.08 13:52:31 | 000,000,000 | ---D | M]

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\@4\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\@4\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\@5\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\@5\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863

O7 - HKU\S-1-5-21-1422273387-519994863-429366401-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)

O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234177490890 (MUWebControl Class)

O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFB8A2F-2ADD-4D0A-ACF5-55BDAB68EB5C}: DhcpNameServer = 192.168.0.9

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.02.09 09:12:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2012.03.06 14:41:25 | 017,174,552 | R--- | M] (devolo AG) - E:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2012.03.06 14:41:01 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.02.14 21:43:40 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013.02.14 21:41:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013.02.14 21:41:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013.02.14 21:41:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013.02.14 21:41:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013.02.14 21:40:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.02.14 21:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.02.14 21:37:52 | 005,032,798 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe

[2013.02.14 14:43:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL(1).exe

[2013.02.11 21:46:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

[2013.02.11 21:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

[2013.02.11 21:46:20 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware

[2013.02.10 19:41:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2013.02.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2013.02.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\MFAData

[2013.02.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Avg2013

[2013.02.07 21:50:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2013.02.07 21:23:24 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2013.02.07 19:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DriverCure

[2013.02.07 19:40:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SpeedMaxPc

[2013.02.07 19:40:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedMaxPc

[2013.02.07 17:22:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\McAfee

[2013.02.05 23:43:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2013.02.01 21:14:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2013.02.01 21:13:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2013.02.01 21:13:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2013.02.01 21:13:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013.02.01 21:13:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2013.02.01 20:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth

[2013.01.26 21:18:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\PIL Login page-Dateien

[2013.01.21 15:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\devolo

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.02.14 21:50:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.02.14 21:43:44 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2013.02.14 21:39:13 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\PCCT - MAGIX AG.job

[2013.02.14 21:37:30 | 005,032,798 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe

[2013.02.14 21:34:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.02.14 21:34:01 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013.02.14 21:33:37 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013.02.14 21:33:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.02.14 21:24:33 | 000,587,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe

[2013.02.14 21:17:00 | 000,001,242 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1422273387-519994863-429366401-500UA.job

[2013.02.14 21:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.02.14 14:52:46 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable

[2013.02.14 14:45:36 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\j1d1twbu.exe

[2013.02.14 14:44:25 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger(1).exe

[2013.02.14 14:42:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL(1).exe

[2013.02.14 13:47:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 0a0d977d-d4ea-4456-a42b-3188a2ea2c2b.job

[2013.02.14 03:29:02 | 000,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.02.14 03:08:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.02.14 03:04:34 | 000,477,524 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.02.14 03:04:34 | 000,435,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.02.14 03:04:34 | 000,091,594 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.02.14 03:04:34 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.02.14 02:00:16 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1696affe-5393-465f-a07d-c14216770ca6.job

[2013.02.13 23:17:01 | 000,001,190 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1422273387-519994863-429366401-500Core.job

[2013.02.13 14:54:11 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.02.12 08:07:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013.02.11 21:46:23 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013.02.06 10:40:19 | 000,000,009 | ---- | M] () -- C:\WINDOWS\tasks\apc.cache

[2013.02.01 21:13:53 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.31 16:19:26 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk

[2013.01.29 22:55:49 | 000,001,019 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini

[2013.01.26 21:18:57 | 000,007,573 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PIL Login page.htm

[2013.01.22 23:33:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013.01.21 15:42:50 | 000,001,751 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dLAN AVpro manager.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.02.14 21:43:44 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2013.02.14 21:43:42 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2013.02.14 21:41:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013.02.14 21:41:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013.02.14 21:41:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013.02.14 21:41:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013.02.14 21:41:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013.02.14 21:24:53 | 000,587,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner0.exe

[2013.02.14 14:52:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable

[2013.02.14 14:45:48 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\j1d1twbu.exe

[2013.02.14 14:44:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger(1).exe

[2013.02.11 21:47:16 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1696affe-5393-465f-a07d-c14216770ca6.job

[2013.02.11 21:47:16 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 0a0d977d-d4ea-4456-a42b-3188a2ea2c2b.job

[2013.02.11 21:46:23 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013.02.06 10:40:19 | 000,000,009 | ---- | C] () -- C:\WINDOWS\tasks\apc.cache

[2013.02.01 21:13:53 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.26 21:18:55 | 000,007,573 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PIL Login page.htm

[2013.01.21 15:42:50 | 000,001,751 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dLAN AVpro manager.lnk

[2013.01.20 00:51:23 | 006,144,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\avproman.pdf

[2013.01.10 04:10:17 | 000,925,864 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2012.08.19 11:22:40 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

[2012.07.25 08:15:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.02.15 23:54:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.09.24 12:58:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011.09.24 12:58:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011.09.24 12:58:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011.09.24 12:58:03 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011.09.11 13:58:32 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2011.08.31 18:03:48 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe

[2011.08.24 16:20:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI

[2009.10.12 22:11:57 | 000,045,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.26 16:04:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\rx_image.Cache

[2009.03.03 15:19:10 | 000,022,641 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft Access.ADR

[2009.02.11 13:52:42 | 000,072,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat

 
 ========== ZeroAccess Check ==========

 

[2009.02.09 12:16:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 02:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2013.01.02 21:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CallingID

[2013.01.01 19:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\devolo

[2013.02.07 19:40:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DriverCure

[2011.03.02 16:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog

[2012.09.01 14:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\eXPert PDF 6

[2012.09.24 20:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX

[2010.06.10 13:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia

[2010.01.25 11:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ntr

[2009.10.23 17:56:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ordner HP Share-to-Web

[2010.07.21 19:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite

[2011.01.20 18:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC-FAX TX

[2013.02.11 17:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung

[2011.12.19 13:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ScanSoft

[2012.09.24 17:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\simplitec

[2013.02.07 19:40:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SpeedMaxPc

[2011.09.26 10:52:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer

[2009.07.15 22:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems

[2012.11.30 14:41:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vvt.at.vvtmonitor

[2009.02.09 12:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search

[2009.02.10 09:08:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search

[2011.12.19 13:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon

[2009.11.19 17:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software

[2013.02.10 19:41:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2009.10.31 10:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 6

[2009.11.19 17:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs

[2010.06.10 09:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

[2010.02.16 19:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe

[2012.09.24 13:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX

[2013.02.10 20:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2009.03.20 12:04:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir

[2009.08.09 13:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia

[2010.06.10 13:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache

[2009.03.03 11:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2011.01.13 18:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2012.09.24 12:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\simplitec

[2013.02.11 17:24:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedMaxPc

[2009.03.20 12:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir

[2011.09.26 02:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

[2009.11.19 17:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visage Software

[2011.12.19 13:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zeon

[2012.01.21 21:26:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012.01.22 18:58:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Samsung

[2012.01.23 10:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\Samsung

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Herzlichen Dank senior

Hallo Leo,

bei mindestens 30 Links und Fenstern keine Werbe Bobups und die Geschwindigkeit ist auch höher als vorher. http://www.trojaner-board.de/images/smilies/knuddel.gif Sind wir etwa schon fertig?