Trojaner-Board - System Care Antivirus hat mich erwischt!

Code:

OTL Extras logfile created on: 06.05.2013 14:18:12 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 60,11% Memory free

3,78 Gb Paging File | 2,52 Gb Available in Paging File | 66,73% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 465,76 Gb Total Space | 410,88 Gb Free Space | 88,22% Space Free | Partition Type: NTFS

 

Computer Name: SN_1009094 | User Name: ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_USERS\S-1-5-21-845498254-3989335025-2340709827-1004\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LEVJYENE\SweetImSetup[1].exe" = C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LEVJYENE\SweetImSetup[1].exe:*:Enabled:SweetIM Installer

"C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VYKO2X7A\SweetIMSetupC[1].exe" = C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VYKO2X7A\SweetIMSetupC[1].exe:*:Enabled:SweetIM Installer

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\IBA2\DatenbankTools.exe" = C:\IBA2\DatenbankTools.exe:*:Enabled:IBA Version 2.0 - Datenbank-Dienstprogramme -- (Saxonia Systems AG)

"C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking

"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{393FE5B0-F35C-4930-A5FE-EC56D4A94372}" = CRRedistSetup

"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{4F928B83-3D8E-402B-8480-5C5C3BCE8040}" = OKI B410 Druckermenü-Einrichtungstool

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{a571d5a0-d544-404d-9d20-2a327324fc85}" = Nero 9 Essentials

"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2

"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AI RoboForm" = RoboForm 7-7-9-9 (All Users)

"CCleaner" = CCleaner

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FBDBServer_2_0_is1" = Firebird 2.0.4.13130 (win32)

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IBAVersion2_is1" = IBA Version 2.0 (1.1.0.9681)

"ie8" = Windows Internet Explorer 8

"IncrediMail" = IncrediMail 2.0

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator

"PriceGong" = PriceGong 2.5.1

"Sandboxie" = Sandboxie 3.72 (32-bit)

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-845498254-3989335025-2340709827-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 02.05.2013 11:58:09 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 11:58:10 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:12:07 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:12:07 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:21:25 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:29:17 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:29:18 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:29:18 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 02.05.2013 12:29:18 | Computer Name = SN_1009094 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.

 

Error - 06.05.2013 04:59:16 | Computer Name = SN_1009094 | Source = PerfNet | ID = 2004

Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden

 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

 

[ System Events ]

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Firebird

 Server - DefaultInstance.

 

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Firebird Server - DefaultInstance" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1053

 

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7034

Description = Dienst "Firebird Guardian - DefaultInstance" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7034

Description = Dienst "IBA Version 2.0 Dienst" wurde unerwartet beendet. Dies ist

 bereits 1 Mal passiert.

 

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7034

Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.

 

Error - 06.05.2013 03:41:49 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 06.05.2013 03:41:50 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.

 

Error - 06.05.2013 03:41:50 | Computer Name = SN_1009094 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 06.05.2013 03:42:21 | Computer Name = SN_1009094 | Source = DCOM | ID = 10010

Description = Der Server "{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

 

< End of report >

Code:

OTL logfile created on: 06.05.2013 14:18:12 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 60,11% Memory free

3,78 Gb Paging File | 2,52 Gb Available in Paging File | 66,73% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 465,76 Gb Total Space | 410,88 Gb Free Space | 88,22% Space Free | Partition Type: NTFS

 

Computer Name: SN_1009094 | User Name: ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\IBA2\IbaService.exe (Saxonia Systems AG)

PRC - C:\IBA2\OTTO.IBA.OnlineUpdateClient.App.exe (Saxonia Systems AG)

PRC - C:\IBA2\Shell.exe (Saxonia Systems AG)

PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)

PRC - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Programme\Sandboxie\SandboxieCrypto.exe (SANDBOXIE L.T.D)

PRC - C:\Programme\Sandboxie\SandboxieRpcSs.exe (SANDBOXIE L.T.D)

PRC - C:\Programme\Sandboxie\SandboxieDcomLaunch.exe (SANDBOXIE L.T.D)

PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)

PRC - C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)

PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)

PRC - C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)

PRC - C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Gemeinsame Dateien\G Data\AVKScanP\Avast5\defs\13050600\algo.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Shell\02677e1ddb84c0c67c7a14fb8a6caa16\Shell.ni.exe ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\OTTO.IBA.Tools.Misc#\988de584eff46c7fd2c1f3e7cb4f7234\OTTO.IBA.Tools.MiscUtils.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\de4c6c9536b8536b9ebfee78cfffb9c3\Infragistics2.Win.UltraWinDataSource.v8.1.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\f9dfe871920fbaa47d9e3b171e7ff57b\Infragistics2.Win.Misc.v8.1.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\ebaa9795b7d77eb963a494f2d348fd8d\Infragistics2.Win.v8.1.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\e2e0660b4dc909544972c332ac4b6d6c\Infragistics2.Shared.v8.1.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\3e97d2c21e85055e98bfedaf97da1a3c\Infragistics2.Win.UltraWinGrid.v8.1.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\OTTO.IBA.OnlineUpda#\d5d96740b064f6dbddcabfcffee536dc\OTTO.IBA.OnlineUpdate.Datenzugriff.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\OTTO.IBA.Tools.Conf#\5b20683b6c62f51ab36e5d1881d1a810\OTTO.IBA.Tools.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\FirebirdSql.Data.Fi#\68e6e8a807f4b1e0146f99888ffd1585\FirebirdSql.Data.FirebirdClient.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\Programme\Firebird\Firebird_2_0\UDF\FreeAdhocUDF.dll ()

MOD - C:\Programme\Firebird\Firebird_2_0\UDF\UDFLib.dll ()

MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()

MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()

MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()

MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (IbaService) -- C:\IBA2\IbaService.exe (Saxonia Systems AG)

SRV - (AVKWCtl) -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)

SRV - (AVKProxy) -- C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (AVKService) -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)

SRV - (GDScan) -- C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe (G Data Software AG)

SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Nero BackItUp Scheduler 4.0) -- c:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)

SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (lbrtfdc) --  File not found

DRV - (i2omgmt) --  File not found

DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV - (Changer) --  File not found

DRV - (GDTdiInterceptor) -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (G Data Software AG)

DRV - (GDMnIcpt) -- C:\WINDOWS\system32\drivers\MiniIcpt.sys (G Data Software AG)

DRV - (HookCentre) -- C:\WINDOWS\system32\drivers\HookCentre.sys (G Data Software AG)

DRV - (GDBehave) -- C:\WINDOWS\system32\drivers\GDBehave.sys (G Data Software AG)

DRV - (GRD) -- C:\WINDOWS\system32\drivers\GRD.sys (G Data Software)

DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (viasraid) -- C:\WINDOWS\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)

DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\fasttx2k.sys (Promise Technology, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 5E 96 26 2C 1C CB 01  [binary data]

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..\SearchScopes,DefaultScope = {25E0D04E-587E-49B3-8041-BA4F4469D568}

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..\SearchScopes\{25E0D04E-587E-49B3-8041-BA4F4469D568}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={29673472-CCBA-4A81-AA25-46346E03967D}

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 19 60 81 3C 4A CE 01  [binary data]

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.10

FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.1

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Programme\Siber Systems\AI RoboForm\Firefox [2012.07.26 09:11:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 12:16:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.06 09:20:05 | 000,000,000 | ---D | M]

 

[2010.08.23 14:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions

[2013.03.21 12:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\h9ju58nr.default\extensions

[2013.03.21 12:18:52 | 000,000,000 | ---D | M] (PriceGong) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\h9ju58nr.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

[2012.02.08 12:10:57 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\h9ju58nr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2013.01.09 13:06:33 | 000,190,000 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\h9ju58nr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2011.10.17 09:41:19 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\h9ju58nr.default\searchplugins\SweetIM Search.xml

[2011.10.17 09:41:08 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\h9ju58nr.default\searchplugins\sweetim.xml

[2012.07.13 10:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.04.03 09:05:03 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

[2012.11.01 12:16:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [IBAinst]  File not found

O4 - HKLM..\Run: [IBAUpdateClient] C:\IBA2\OTTO.IBA.OnlineUpdateClient.App.exe (Saxonia Systems AG)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

O4 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004..\Run: [RoboForm] C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - HKU\S-1-5-21-845498254-3989335025-2340709827-1008..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-21-845498254-3989335025-2340709827-1008..\Run: [RoboForm] C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - Startup: C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\S-1-5-21-845498254-3989335025-2340709827-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: RF - Formular ausfüllen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RF - Formular speichern - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: RF - Menü anpassen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found

O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..Trusted Domains: com-bi.de ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-845498254-3989335025-2340709827-1004\..Trusted Domains: liefert-es.com ([www.combi] http in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340610253312 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277302254328 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCCCB71-38E1-4EFA-B3C6-887F4EDDC515}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.06.22 13:15:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.05.06 09:25:44 | 000,000,000 | ---D | C] -- C:\e632569cb88818bcef68140a4291a4

[2013.05.06 09:18:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe

[2013.05.06 09:18:37 | 000,000,000 | ---D | C] -- C:\Programme\Adobe

[2013.05.03 11:37:50 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group

[2013.05.03 11:37:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

[2013.05.02 17:11:59 | 000,015,600 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys

[2013.05.02 16:32:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\System Care Antivirus

[2013.05.02 16:25:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0B9D48B10A577B8600000B9D3D1B833C

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.05.06 18:15:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.05.06 17:33:37 | 000,001,518 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini

[2013.05.06 17:15:32 | 000,000,029 | ---- | M] () -- C:\WINDOWS\HBUser.ini

[2013.05.06 14:13:34 | 000,012,638 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.05.06 12:10:59 | 001,064,505 | ---- | M] () -- C:\WINDOWS\System32\sig.bin

[2013.05.06 12:10:59 | 000,054,689 | ---- | M] () -- C:\WINDOWS\System32\nmp.map

[2013.05.06 11:40:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job

[2013.05.06 11:30:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\cleanmgr.job

[2013.05.06 10:58:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.05.06 10:58:35 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.05.06 10:56:57 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.05.06 10:39:30 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{840BF92E-2BF7-46B7-95A0-B01DCE1A4041}.job

[2013.05.06 09:18:54 | 000,001,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk

[2013.05.03 11:47:52 | 000,001,053 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\Dropbox.lnk

[2013.05.03 11:42:33 | 000,001,086 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Verknüpfung mit delphine2.lnk

[2013.05.03 11:42:31 | 000,001,061 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Dropbox.lnk

[2013.05.02 17:11:59 | 000,015,600 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys

[2013.04.16 08:49:15 | 000,036,352 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.04.11 12:27:55 | 000,449,590 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.04.11 12:27:55 | 000,433,242 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.04.11 12:27:55 | 000,080,670 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.04.11 12:27:55 | 000,068,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.05.06 09:18:54 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk

[2013.05.06 09:18:54 | 000,001,721 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk

[2012.08.21 15:00:40 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT

[2012.07.16 09:53:49 | 000,001,518 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini

[2012.06.21 22:14:05 | 001,064,505 | ---- | C] () -- C:\WINDOWS\System32\sig.bin

[2012.06.19 16:41:01 | 000,000,160 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-ardcE24ZUi1nYWr

[2012.06.19 16:41:01 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-ardcE24ZUi1nYW

[2012.06.19 16:40:54 | 000,000,256 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ardcE24ZUi1nYW

[2012.02.15 10:00:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.12.13 16:54:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.10.11 11:13:15 | 000,123,558 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\IMG_1453.JPG

[2010.10.11 11:13:15 | 000,120,306 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\IMG_1449.JPG

[2010.10.11 11:13:15 | 000,118,820 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\IMG_1450.JPG

[2010.10.11 11:13:15 | 000,113,637 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\IMG_1454.JPG

[2010.10.11 11:13:15 | 000,110,421 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\IMG_1452.JPG

[2010.10.11 11:13:15 | 000,090,929 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\IMG_1451.JPG

[2010.07.12 09:09:26 | 000,036,352 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2010.06.24 09:15:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 14:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2013.05.02 16:31:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0B9D48B10A577B8600000B9D3D1B833C

[2012.06.13 11:04:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D55F3B21DBEE53006E2B45D151FC4E

[2012.06.21 13:28:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA

[2010.06.24 09:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBA2

[2010.07.03 13:42:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM

[2010.07.03 13:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail

[2010.07.06 15:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPPU

[2011.05.20 09:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photo Notifier and Animation Creator

[2010.07.03 13:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm

[2010.07.03 13:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online

[2012.08.17 09:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-OnlineT-Online

[2010.06.22 13:26:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp

[2013.05.06 14:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox

[2013.05.06 14:14:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\PriceGong

[2010.07.03 13:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-Online

[2010.07.29 13:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer

[2013.05.06 09:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Service\Anwendungsdaten\PriceGong

[2012.06.25 13:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Service\Anwendungsdaten\T-Online

[2013.05.06 11:31:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\PriceGong

[2013.05.06 10:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\T-Online

[2013.04.11 09:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vati\Anwendungsdaten\PriceGong

[2011.03.03 14:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vati\Anwendungsdaten\T-Online

 
 ========== Purity Check ==========

 

 
 

< End of report >