Trojaner-Board - Datum und Uhrzeit falsch, Firewall deaktiviert und Rechner auf einmal total langsam

Hallo Heiko,
danke dass du dich meines Themas annimmst. Ich hoffe, es verursacht gar nicht erst so viel Arbeit.

Danke für deinen Tipp!

Zitat:

Zitat von Aneri (Beitrag 1039127)

Ist dein System immernoch so stark verlangsamt? Wenn ja starte das System einmal im Abgesichterten Modus und versuche hier nochmals einen Quickscan.

Ja, ist es. Es hat jetzt insgesamt zwei Tage gedauert, bis der OTL-Scan fertig war. Nächstes Mal versuche ich es im abgesicherten Modus, da war der OTL Scan dann schon fertig, als ich deinen Tip gelesen habe. Leider habe ich auch die Option "Standard-Ausgabe" gewählt, da ich mich an die Anleitung gehalten hatte, in der Schritt 1 - 3 geschrieben stehen. Da gab es den Hinweis auf "Minimale Ausgabe" nicht. Ich hoffe, das ist jetzt nicht schlimm.

OTL-Log:

Code:

OTL logfile created on: 01.04.2013 09:42:16 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,26% Memory free

3,85 Gb Paging File | 3,12 Gb Available in Paging File | 81,05% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 26,92 Gb Total Space | 0,52 Gb Free Space | 1,92% Space Free | Partition Type: NTFS

Drive D: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 4,01 Gb Total Space | 3,98 Gb Free Space | 99,40% Space Free | Partition Type: NTFS

Drive F: | 172,67 Gb Total Space | 76,47 Gb Free Space | 44,29% Space Free | Partition Type: NTFS

Drive G: | 29,29 Gb Total Space | 0,27 Gb Free Space | 0,93% Space Free | Partition Type: NTFS

 

Computer Name: ALTERNATE | User Name: xxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.03.31 19:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe

PRC - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

PRC - [2011.10.28 15:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe

PRC - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe

PRC - [2011.10.28 03:40:14 | 001,554,184 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe

PRC - [2011.08.17 16:00:02 | 001,011,208 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe

PRC - [2011.08.17 16:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe

PRC - [2011.08.10 15:20:30 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe

PRC - [2008.06.18 18:01:56 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.31 22:34:32 | 002,084,864 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G DATA\AVKScanP\Avast5\defs\13033101\algo.dll

MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013.03.24 19:46:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.12.17 18:31:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.10.28 15:43:51 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)

SRV - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan)

SRV - [2011.10.28 03:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)

SRV - [2011.08.17 16:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)

SRV - [2011.08.10 15:20:30 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)

SRV - [2011.07.28 04:43:48 | 001,070,072 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)

SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- F:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2008.09.12 18:45:58 | 000,361,216 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2008.08.29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R)

SRV - [2008.07.18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.10.15 18:15:46 | 000,069,272 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)

DRV - [2012.10.15 08:55:29 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - [2012.10.15 08:55:29 | 000,052,216 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2012.10.15 08:55:29 | 000,040,568 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)

DRV - [2012.10.15 08:55:29 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)

DRV - [2011.11.26 12:37:15 | 000,030,200 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)

DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- F:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)

DRV - [2009.12.03 19:37:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009.11.04 18:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2009.09.30 16:38:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009.09.30 16:38:56 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2008.10.05 20:32:48 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008.09.23 18:27:41 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2008.06.27 11:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2008.06.04 08:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)

DRV - [2008.06.04 08:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)

DRV - [2008.06.04 08:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)

DRV - [2008.06.04 08:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)

DRV - [2008.06.04 08:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)

DRV - [2008.06.04 08:34:06 | 000,111,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)

DRV - [2008.06.04 08:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)

DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007.03.01 10:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007.02.16 04:27:10 | 000,044,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)

DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)

DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)

DRV - [2005.05.27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

DRV - [2005.05.27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: F:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: F:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.17 18:31:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.21 20:43:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.01.03 01:36:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013.02.21 20:43:50 | 000,000,000 | ---D | M]

 

[2008.09.15 18:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions

[2012.12.19 15:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions

[2010.04.28 07:37:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.16 11:55:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.12.19 14:48:35 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2008.09.26 06:52:50 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009.11.12 21:25:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\moveplayer@movenetworks.com

[2012.12.19 15:53:20 | 000,533,022 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2012.12.17 12:49:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.02.14 14:51:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2012.12.24 12:31:43 | 000,001,610 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\searchplugins\ixquick---deutsch.xml

[2012.12.17 18:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.12.17 18:31:28 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

[2012.12.17 18:31:28 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2012.12.17 18:31:38 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.11.08 21:37:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.11.08 21:37:13 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.11.08 21:37:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.11.08 21:37:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.11.08 21:37:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.11.08 21:37:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\PowerReg Scheduler.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.09.11 23:25:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007.07.25 17:09:28 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [1980.01.03 04:44:30 | 000,000,225 | RH-- | M] () - L:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\{045646a4-bf12-11dd-ae76-001a4d49ff3e}\Shell - "" = AutoRun

O33 - MountPoints2\{045646a4-bf12-11dd-ae76-001a4d49ff3e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{045646a4-bf12-11dd-ae76-001a4d49ff3e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe

O33 - MountPoints2\{a2be9d6c-5f45-11df-b2bc-001a4d49ff3e}\Shell\AutoRun\command - "" = J:\EmDesk.exe

O33 - MountPoints2\{a2be9d6c-5f45-11df-b2bc-001a4d49ff3e}\Shell\EmDesk\command - "" = J:\EmDesk.exe

O33 - MountPoints2\{f357633a-2fe7-11e0-b476-001a4d49ff3e}\Shell\AutoRun\command - "" = J:\EmDesk.exe

O33 - MountPoints2\{f357633a-2fe7-11e0-b476-001a4d49ff3e}\Shell\EmDesk\command - "" = J:\EmDesk.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.31 19:27:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

[2013.03.31 19:14:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.02 02:16:35 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013.04.02 02:00:10 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2013.04.02 01:46:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.04.01 16:16:07 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013.04.01 06:48:39 | 000,661,474 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\StudiAusweis.JPG

[2013.04.01 06:40:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.04.01 06:40:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.04.01 00:13:47 | 001,028,738 | ---- | M] () -- C:\WINDOWS\System32\sig.bin

[2013.04.01 00:13:47 | 000,053,580 | ---- | M] () -- C:\WINDOWS\System32\nmp.map

[2013.03.31 19:35:11 | 000,459,588 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.03.31 19:35:11 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.03.31 19:35:11 | 000,084,960 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.03.31 19:35:11 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.03.31 19:31:06 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable

[2013.03.31 19:28:55 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Defogger.exe

[2013.03.31 19:28:39 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\gmer_2.1.19155.exe

[2013.03.31 19:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

[2013.03.31 19:17:10 | 000,001,031 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Dropbox.lnk

[2013.03.31 19:16:24 | 000,001,021 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Dropbox.lnk

[2013.03.31 19:14:03 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

[2013.03.30 17:05:36 | 000,002,395 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Microsoft Office Word 2003.lnk

[2013.03.29 20:14:33 | 000,021,490 | ---- | M] () -- C:\WINDOWS\System32\TuneUpDefragService_20130329-181433.dmp

[2013.03.25 00:48:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.03.24 23:41:29 | 000,788,239 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Zulassungsbescheid Potsdam.PDF

[2013.03.24 23:35:08 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI

[2013.03.24 23:28:31 | 000,358,057 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Bescheinigung BA Prüfung0001.PDF

[2013.03.24 23:26:32 | 000,472,938 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Bescheinigung BA Prüfung.JPG

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.01 06:48:38 | 000,661,474 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\StudiAusweis.JPG

[2013.03.31 19:30:51 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable

[2013.03.31 19:29:02 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Defogger.exe

[2013.03.31 19:28:42 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\gmer_2.1.19155.exe

[2013.03.31 19:14:03 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

[2013.03.29 20:14:33 | 000,021,490 | ---- | C] () -- C:\WINDOWS\System32\TuneUpDefragService_20130329-181433.dmp

[2013.03.24 23:41:27 | 000,788,239 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Zulassungsbescheid Potsdam.PDF

[2013.03.24 23:28:29 | 000,358,057 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Bescheinigung BA Prüfung0001.PDF

[2013.03.24 23:26:32 | 000,472,938 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Bescheinigung BA Prüfung.JPG

[2012.02.17 12:39:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.11.30 17:14:03 | 001,028,738 | ---- | C] () -- C:\WINDOWS\System32\sig.bin

[2011.11.01 19:37:58 | 000,194,650 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\.recently-used.xbel

[2010.08.22 21:37:17 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\fritz.box

[2010.07.24 21:36:44 | 019,473,201 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlc-1.1.1-win32.exe

[2010.03.23 13:51:03 | 000,000,009 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mdb.bin

[2010.01.13 15:30:08 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\PnkBstrK.sys

[2009.11.22 23:02:52 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\C

[2009.05.28 12:17:48 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2009.05.14 21:26:12 | 016,742,799 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlc-0.9.9-win32.exe

[2009.03.30 21:56:51 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\default.pls

[2008.12.11 09:52:02 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak

[2008.12.11 09:52:02 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak

[2008.12.11 09:52:02 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak

[2008.11.11 19:54:25 | 014,618,605 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlc-0.9.6-win32.exe

[2008.09.17 14:54:30 | 000,195,072 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.09.12 17:16:46 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

 
 ========== ZeroAccess Check ==========

 

[2012.11.10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\k21a6ycq.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png

[2008.09.12 17:16:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2009.09.02 18:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy

[2008.09.18 18:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development

[2009.12.03 23:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare

[2009.12.03 19:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2009.08.03 20:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts

[2011.11.26 12:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA

[2011.11.09 21:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software

[2008.09.13 23:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2008.09.12 17:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2009.09.05 15:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2008.09.12 18:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2010.04.09 20:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Atari

[2011.05.22 20:19:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Bioshock

[2008.09.14 21:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon

[2009.12.03 21:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\concept design

[2009.01.14 20:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools

[2009.12.03 19:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite

[2009.02.08 21:22:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Pro

[2013.04.01 06:52:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox

[2010.09.16 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DVDVideoSoftIEHelpers

[2011.02.18 12:23:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0

[2009.12.25 18:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\id Software

[2010.04.09 20:22:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech

[2009.10.11 21:38:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mumble

[2009.02.18 21:13:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\NewSoft

[2009.05.17 22:27:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenArena

[2008.10.21 12:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org

[2008.09.14 18:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Opera

[2009.11.22 23:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\PDFEditorSDK

[2008.09.13 23:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft

[2008.09.18 01:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SoundSpectrum

[2008.09.12 17:15:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\T-Online

[2013.04.01 06:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\The Bat!

[2008.09.14 17:23:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thinstall

[2008.09.12 06:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird

[2011.02.26 22:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TS3Client

[2008.09.12 18:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software

[2009.09.30 16:41:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ubisoft

 
 ========== Purity Check ==========

 

 

 
 ========== Files - Unicode (All) ==========

[2010.01.17 15:02:05 | 000,031,744 | ---- | M] ()(C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Darkshine ???sa sagt.doc) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Darkshine Μοῦσα sagt.doc

[2010.01.17 15:02:05 | 000,031,744 | ---- | C] ()(C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Darkshine ???sa sagt.doc) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Darkshine Μοῦσα sagt.doc

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:60EE55628FC3CDF6

@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:50DD4118
 

< End of report >

OTL-Log Extras:

Code:

OTL Extras logfile created on: 01.04.2013 09:42:16 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,26% Memory free

3,85 Gb Paging File | 3,12 Gb Available in Paging File | 81,05% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 26,92 Gb Total Space | 0,52 Gb Free Space | 1,92% Space Free | Partition Type: NTFS

Drive D: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 4,01 Gb Total Space | 3,98 Gb Free Space | 99,40% Space Free | Partition Type: NTFS

Drive F: | 172,67 Gb Total Space | 76,47 Gb Free Space | 44,29% Space Free | Partition Type: NTFS

Drive G: | 29,29 Gb Total Space | 0,27 Gb Free Space | 0,93% Space Free | Partition Type: NTFS

 

Computer Name: ALTERNATE | User Name: xxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "F:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "F:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- F:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- F:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

"F:\Programme\Ubisoft\Prince of Persia\Prince of Persia.exe" = F:\Programme\Ubisoft\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx -- (Ubisoft)

"F:\Programme\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe" = F:\Programme\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update -- (Ubisoft)

"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

"F:\Programme\Activision\Call of Duty - World at War\CoDWaWmp.exe" = F:\Programme\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)

"F:\Programme\Activision\Call of Duty - World at War\CoDWaW.exe" = F:\Programme\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)

"F:\Programme\Dragon Age\bin_ship\daorigins.exe" = F:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel -- (BioWare)

"F:\Programme\Dragon Age\DAOriginsLauncher.exe" = F:\Programme\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher -- (BioWare)

"F:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe" = F:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- (BioWare)

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB

"F:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = F:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)

"F:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = F:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)

"C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\7zS1DD.tmp\setup\HPZnui01.exe" = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\7zS1DD.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe

"C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\7zS1DD.tmp\setup\hponicifs01.exe" = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\7zS1DD.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe

"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

"F:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = F:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

"F:\Programme\HP\Digital Imaging\bin\hposid01.exe" = F:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

"F:\Programme\Unreal Tournament 3 (LG)\Binaries\UT3.exe" = F:\Programme\Unreal Tournament 3 (LG)\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0

"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable

"{5E8F619C-7CE2-4F47-906A-21B3A0C284E6}" = The Bat! Professional v4.0.28.3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware

"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia

"{7E5CDECB-726B-4581-BA8C-5B11148C3FA5}" = G Data TotalCare 2012

"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs

"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help

"{874761BC-CACD-459B-ABD0-64014FA70297}" = PDF-XChange Viewer

"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch

"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini

"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)

"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1E544E5-EF3C-4103-A57B-3A499FD91031}" = Nero 7 Essentials

"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14

"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1

"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock

"{E4D7D64B-95E3-4BE7-97CD-5A8FE5CD37D5}" = The Bat! International Pack v4.0.34

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ACDLabs in F__Programme_ACDFREE11_" = ACD/Labs Software in F:\Programme\ACDFREE11\

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"Audiograbber" = Audiograbber 1.83 SE 

"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0

"CloneCD" = CloneCD

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition

"EADM" = EA Download Manager

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"G-Force" = G-Force

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0

"HPExtendedCapabilities" = HP Customer Participation Program 12.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"KeyCraft" = KeyCraft

"Messer_is1" = Messer v0.992

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OpenAL" = OpenAL

"QcDrv" = Logitech® Camera-Treiber

"RealPlayer 12.0" = RealPlayer

"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3

"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition

"UT2004" = Unreal Tournament 2004

"VLC media player" = VLC media player 0.9.2

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.4.7

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)

"Warcraft III" = Warcraft III

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 23.11.2012 06:14:23 | Computer Name = ALTERNATE | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung AVKProxy.exe, Version 1.5.11301.183, fehlgeschlagenes

 Modul AvkHttp.dll, Version 22.0.11216.174, Fehleradresse 0x0010cac4.

 

Error - 05.02.2013 16:27:18 | Computer Name = ALTERNATE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung thebat.exe, Version 4.0.28.3, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.03.2013 15:35:42 | Computer Name = ALTERNATE | Source = MSDTC | ID = 4120

Description = Das Benutzeroberflächen-Namensobjekt von MS DTC konnte nicht geladen

 werde

 

Error - 24.03.2013 15:35:42 | Computer Name = ALTERNATE | Source = MSDTC | ID = 4117

Description = Das Benutzeroberflächen-Serverobjekt von MS DTC konnte nicht initialisiert

 werde

 

Error - 24.03.2013 15:35:43 | Computer Name = ALTERNATE | Source = COM+ | ID = 135763

Description = Transaktionen, die zur Unterstützung von Transaktionskomponenten erforderlich

 sind, konnten von der Laufzeitumgebung nicht initialisiert werden. Stellen Sie 

sicher, dass MS DTC ausgeführt wird.(DtcGetTransactionManagerEx(): hr = 0x8004d01

 

Error - 29.03.2013 14:14:36 | Computer Name = ALTERNATE | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung TuneUpDefragService.exe, Version 1.1.0.19,

 fehlgeschlagenes Modul TuneUpDefragService.exe, Version 1.1.0.19, Fehleradresse

 0x00015724.

 

Error - 31.03.2013 13:13:32 | Computer Name = ALTERNATE | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung thebat.exe, Version 4.0.28.3, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.

 

Error - 31.03.2013 13:17:18 | Computer Name = ALTERNATE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung thebat.exe, Version 4.0.28.3, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 31.03.2013 14:18:30 | Computer Name = ALTERNATE | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung AVKProxy.exe, Version 1.5.11301.183, fehlgeschlagenes

 Modul BehaviourService.dll, Version 22.0.11301.189, Fehleradresse 0x0014037f.

 

Error - 31.03.2013 18:27:00 | Computer Name = ALTERNATE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 16.11.2012 18:05:13 | Computer Name = ALTERNATE | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "ZAP23B.tmp" auf Volume "HarddiskVolume1"

 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten.

 Die Volumeüberwachung wurde angehalten.

 

Error - 23.11.2012 06:19:25 | Computer Name = ALTERNATE | Source = Service Control Manager | ID = 7031

Description = Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies

 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 27.01.2013 14:18:17 | Computer Name = ALTERNATE | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "peverify.dll" auf Volume "HarddiskVolume1"

 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten.

 Die Volumeüberwachung wurde angehalten.

 

Error - 24.03.2013 15:35:42 | Computer Name = ALTERNATE | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Distributed Transaction Coordinator" wurde mit folgendem

 dienstspezifischem Fehler beendet: 3221229627 (0xC000103B).

 

Error - 29.03.2013 14:19:39 | Computer Name = ALTERNATE | Source = Service Control Manager | ID = 7034

Description = Dienst "TuneUp Drive Defrag-Dienst" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

 

< End of report >

Und noch das GMER-Log:

Code:

GMER 2.1.19155 - hxxp://www.gmer.net

Rootkit scan 2013-04-02 05:31:54

Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500JS-08NCB1 rev.10.02E01 232,88GB

Running: gmer_2.1.19155.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\kxroapow.sys
 
 

---- System - GMER 2.1 ----
 

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys                                                                       ZwCreateKey [0xB82CA382]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys                                                                       ZwDeleteKey [0xB82CA606]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys                                                                       ZwDeleteValueKey [0xB82CA628]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys                                                                       ZwOpenKey [0xB82CA4C4]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys                                                                       ZwOpenProcess [0xB82CA23E]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys                                                                       ZwSetValueKey [0xB82CA5D8]
 

---- Kernel code sections - GMER 2.1 ----
 

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                             section is writeable [0xB78F4000, 0x2131D7, 0xE8000020]

.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0xA7DE3300, 0x3B6D8, 0xE8000020]

.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0xB8388300, 0x1BEE, 0xE8000020]
 

---- Devices - GMER 2.1 ----
 

Device          \Driver\Tcpip \Device\Ip                                                                                             GDTdiIcpt.sys

Device          \Driver\Tcpip \Device\Tcp                                                                                            GDTdiIcpt.sys

Device          \Driver\Tcpip \Device\Udp                                                                                            GDTdiIcpt.sys

Device          \Driver\Tcpip \Device\RawIp                                                                                          GDTdiIcpt.sys

Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                    GDTdiIcpt.sys
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltmgr.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                  F:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                  0xD4 0xC3 0x97 0x02 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                               0xBA 0xF2 0x04 0x70 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                            

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                         0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                      0xE4 0x2E 0xD5 0xD1 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                       

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                 0x43 0x94 0xB5 0xE2 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                       

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                 0x2C 0x7A 0x8A 0x5D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xD0 0x0E 0xDD 0xFC ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x72 0x1E 0x06 0xB3 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x44 0xFF 0xC5 0xB2 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xE2 0xBB 0xAA 0xAA ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0xCE 0x09 0x28 0x1B ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      F:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0xD4 0xC3 0x97 0x02 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      1

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0xBA 0xF2 0x04 0x70 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)        

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                             0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0xE4 0x2E 0xD5 0xD1 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                     0x43 0x94 0xB5 0xE2 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                     0x2C 0x7A 0x8A 0x5D ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xD0 0x0E 0xDD 0xFC ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x72 0x1E 0x06 0xB3 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x44 0xFF 0xC5 0xB2 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xE2 0xBB 0xAA 0xAA ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0xCE 0x09 0x28 0x1B ...
 

---- EOF - GMER 2.1 ----

Liebe Grüße und danke für eure Hilfe,
Darkshine