explorer.exe hat ein problem festgestellt und muss beendet werden xp

Kentala

Hallo,

ich habe gleich mehrere Probleme einmal fährt mein PC nur jedes 2-4 Mal ganz hoch, so dass ich ihn benutzen kann und seid gestern kommt folgende Meldung dau:

explorer.exe hat ein problem festgestellt und muss beendet werden xp

Ich habe schon mal Malwarbyts, OTL und Hjack durchlaufen lassen und folgende Logs bekommen. Hoff dadurch kann mir schneller geholfen werden ( bzw. sparen wir uns die ersten standart Mails Danke schonmal im Vorraus für Eure Mühen


Malwarbyts:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7003

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02.07.2011 09:39:13
mbam-log-2011-07-02 (09-39-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176769
Laufzeit: 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Nun OTL 1:

OTL logfile created on: 02.07.2011 09:54:35 - Run 5
OTL by OldTimer - Version 3.2.25.0 Folder = C:\downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,81% Memory free
5,09 Gb Paging File | 4,21 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 199,35 Gb Free Space | 42,80% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.02 09:53:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(2).exe
PRC - [2011.07.02 07:56:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.28 07:26:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.18 11:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer.exe
PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.03.10 17:36:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2008.02.22 00:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.11 19:53:44 | 000,455,600 | ---- | M] () -- C:\Programme\Lexmark 6500 Series\lxdfmon.exe
PRC - [2007.06.01 14:06:09 | 000,020,480 | ---- | M] () -- C:\Programme\Lexmark 6500 Series\lxdfamon.exe
PRC - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe
PRC - [2006.06.01 21:06:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.01 21:06:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


========== Modules (SafeList) ==========

MOD - [2011.07.02 09:53:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(2).exe
MOD - [2010.03.10 17:39:40 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009.08.13 15:55:39 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2006.06.01 21:06:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - [2011.07.02 07:56:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.29 20:47:18 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.25 10:03:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008.02.22 00:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007.05.29 12:06:20 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - [2011.07.02 07:56:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 07:56:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.03 17:51:32 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.02.28 01:04:51 | 000,028,608 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sef3x1.sys -- (sef3x1)
DRV - [2011.02.28 01:03:11 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.02.28 01:03:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.07.14 11:04:30 | 000,051,200 | ---- | M] (XECUTER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ck3pro.sys -- (ck3pro)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.03.17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.03.17 13:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.09.10 21:08:20 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\JungleFlasher v0.1.78 Beta (183)\portio32.sys -- (PORTIO64)
DRV - [2008.08.25 03:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.06 18:12:10 | 004,755,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.08.01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.08.01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.06.16 10:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2007.12.11 15:30:08 | 000,030,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.04.16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2005.07.20 08:26:00 | 001,390,656 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau)
DRV - [2005.04.25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005.03.16 08:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004.04.30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004.02.24 16:42:44 | 000,021,248 | ---- | M] (AIPTEK International Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "AlphaMarket Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2922774&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AlphaMarket Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.tixuma.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c57}:1.0.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..keyword.URL: "hxxp://jixey.com/?id={7FB7ED77-B6D4-4fea-8F56-57F262C1728B}&ver=1.5.4&src=adr&q="
FF - prefs.js..network.proxy.http: "91.205.174.48"
FF - prefs.js..network.proxy.http_port: 80


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.10 17:39:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: E:\runtergeladene Sachen\java\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.28 07:26:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2009.11.04 22:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.07.02 08:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions
[2011.03.23 10:07:11 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.06.24 09:19:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.19 19:42:05 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011.01.10 19:03:32 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.05.07 18:00:06 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011.01.17 17:50:21 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\SkipScreen@SkipScreen
[2011.05.31 18:57:40 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\searchplugins\conduit.xml
[2011.05.05 09:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\PLUGIN@APTURE.COM.XPI
[2011.06.28 07:26:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CmUsbSound] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Programme\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdfamon] C:\Programme\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Programme\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.04 01:50:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011.07.02 09:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.07.02 09:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011.06.30 18:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Lx_cats
[2011.06.30 18:16:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ABBYY FineReader 6.0 Sprint
[2011.06.30 18:13:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lexmark 6500 Series
[2011.06.24 16:03:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FileZilla FTP Client
[2011.06.24 16:03:51 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2011.06.22 21:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Link_M
[2011.06.21 21:54:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Link_M
[2011.06.15 09:22:06 | 000,000,000 | ---D | C] -- C:\PR-Backlink-Generator
[2011.06.13 20:20:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2011.06.08 17:15:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Application Data
[2011.06.03 22:16:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2011.06.03 17:51:32 | 000,101,376 | ---- | C] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV07.sys
[2011.06.03 17:50:12 | 000,131,584 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBReg.exe
[2011.06.03 17:50:11 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltocx12n.ocx
[2011.06.03 17:50:11 | 000,626,688 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBREG.dll
[2011.06.03 17:50:11 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn12n.dll
[2011.06.03 17:50:11 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP12n.DLL
[2011.06.03 17:50:11 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txobj32.dll
[2011.06.03 17:50:11 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_word.dll
[2011.06.03 17:50:11 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\Tx4ole.ocx
[2011.06.03 17:50:11 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS12n.dll
[2011.06.03 17:50:11 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx12n.dll
[2011.06.03 17:50:11 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg12n.dll
[2011.06.03 17:50:11 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_htm32.dll
[2011.06.03 17:50:11 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_rtf32.dll
[2011.06.03 17:50:11 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil12n.DLL
[2011.06.03 17:50:11 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txtls32.dll
[2011.06.03 17:50:11 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\ic32.dll
[2011.06.03 17:50:11 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wndtls32.dll
[2011.06.03 17:50:11 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_tif32.flt
[2011.06.03 17:50:11 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lttwn12n.dll
[2011.06.03 17:50:11 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfgif12n.dll
[2011.06.03 17:50:11 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_wmf32.flt
[2011.06.03 17:50:11 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_bmp32.flt
[2011.06.03 17:50:11 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp12n.dll
[2011.06.03 17:50:10 | 001,050,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2011.06.03 17:50:10 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2011.06.03 17:50:10 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2011.06.03 17:50:10 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFLXGRD.OCX
[2011.06.03 17:50:10 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011.06.03 17:50:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL
[2011.06.03 17:50:09 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2011.06.03 17:50:09 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.DLL
[2011.06.03 17:50:09 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MimeX.dll
[2011.06.03 17:50:09 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.dll
[2011.06.03 17:50:09 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.OCX
[2011.06.03 17:50:09 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJINT35.DLL
[2011.06.03 17:50:09 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.OCX
[2011.06.03 17:50:09 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.OCX
[2011.06.03 17:50:09 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.dll
[2011.06.03 17:50:09 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MabryObj.dll
[2011.06.03 17:50:09 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011.06.03 17:50:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2011.06.03 17:50:09 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2011.06.03 17:50:00 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER
[2011.06.03 17:20:18 | 000,000,000 | ---D | C] -- C:\Data Becker Web To Date 5
[2011.06.02 21:35:08 | 000,000,000 | ---D | C] -- C:\Programme\NetObjects
[2009.11.05 13:39:56 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2009.11.05 13:39:56 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2009.11.05 13:39:56 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2009.11.05 13:39:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2009.11.05 13:39:55 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2009.11.05 13:39:55 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2009.11.05 13:39:55 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2009.11.05 13:39:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[2009.11.05 13:39:54 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfih.exe
[2009.11.05 13:39:53 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2009.11.05 13:39:53 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcoms.exe
[2009.11.05 13:39:52 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2009.11.05 13:39:52 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcfg.exe
[2009.11.05 13:39:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[2009.11.04 02:04:41 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2009.11.04 02:04:41 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[58 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.02 09:34:45 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.02 08:41:33 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.02 08:41:33 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1606980848-839522115-500.job
[2011.07.02 08:41:31 | 000,207,407 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.07.02 08:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.02 07:56:45 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.07.02 07:56:45 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.07.02 07:53:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.30 18:17:08 | 000,191,429 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011.06.30 17:40:10 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.29 09:58:22 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\meinungsstudie_a.php
[2011.06.28 07:54:11 | 000,001,122 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\lxdf
[2011.06.22 21:00:42 | 000,248,533 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Link_M.rar
[2011.06.20 21:10:25 | 000,071,554 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee_Meinungsstudie_online_Geld_verdienen.jpg
[2011.06.20 08:13:32 | 000,050,743 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee.de_Tixuma_online_geld_verdienen.jpg
[2011.06.17 17:17:39 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.06.17 17:15:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.06.15 09:04:28 | 000,005,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-vb.pdf
[2011.06.15 08:49:02 | 000,019,870 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-hv.pdf
[2011.06.08 21:55:55 | 002,666,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 91.pdf
[2011.06.08 21:55:06 | 002,269,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 92.pdf
[2011.06.05 10:01:24 | 000,005,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-vb.pdf
[2011.06.05 10:01:01 | 000,019,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-hv.pdf
[2011.06.03 22:16:31 | 003,823,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.06.03 17:51:32 | 000,101,376 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV07.sys
[58 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.02 09:34:45 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.29 09:28:32 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\meinungsstudie_a.php
[2011.06.22 21:00:42 | 000,248,533 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Link_M.rar
[2011.06.20 21:10:25 | 000,071,554 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee_Meinungsstudie_online_Geld_verdienen.jpg
[2011.06.20 08:13:32 | 000,050,743 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee.de_Tixuma_online_geld_verdienen.jpg
[2011.06.15 09:04:28 | 000,005,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-vb.pdf
[2011.06.15 08:49:02 | 000,019,870 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-hv.pdf
[2011.06.08 21:55:55 | 002,666,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 91.pdf
[2011.06.08 21:55:06 | 002,269,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 92.pdf
[2011.06.05 10:01:24 | 000,005,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-vb.pdf
[2011.06.05 10:01:01 | 000,019,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-hv.pdf
[2011.06.04 12:57:09 | 000,001,122 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\lxdf
[2011.06.03 17:50:12 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini
[2011.06.03 17:50:11 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011.06.03 17:50:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2011.01.16 19:13:42 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2011.01.13 21:55:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.07 14:27:54 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2010.04.07 14:17:05 | 000,641,872 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.03.04 16:52:08 | 000,001,545 | ---- | C] () -- C:\WINDOWS\cssslang.ini
[2010.03.04 16:52:08 | 000,000,669 | ---- | C] () -- C:\WINDOWS\Id007.ini
[2010.03.04 16:52:08 | 000,000,062 | ---- | C] () -- C:\WINDOWS\csss.ini
[2010.03.04 16:08:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\tblmouse.exe
[2010.03.04 16:08:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2010.03.04 16:08:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Funckey.dll
[2010.03.04 16:08:23 | 000,003,544 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2010.01.28 13:39:42 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.01.28 13:35:28 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010.01.27 20:34:27 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.exe
[2010.01.27 20:34:27 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2010.01.27 20:34:21 | 000,040,960 | R--- | C] () -- C:\WINDOWS\CmiUSB2Uninstall.exe
[2010.01.27 20:34:09 | 000,005,690 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2010.01.15 12:52:49 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.01.06 14:04:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2009.12.03 12:48:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.25 14:00:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\mlcrs0ft.dll
[2009.11.23 11:37:54 | 000,000,166 | ---- | C] () -- C:\WINDOWS\EasyCT.INI
[2009.11.17 13:37:44 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2009.11.08 14:28:48 | 000,054,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.11.07 12:16:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.07 11:25:14 | 000,004,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickZip45.ini
[2009.11.06 11:50:25 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2009.11.05 13:42:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll
[2009.11.05 13:42:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll
[2009.11.05 13:42:07 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll
[2009.11.05 13:42:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll
[2009.11.05 13:42:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll
[2009.11.05 13:41:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll
[2009.11.05 13:41:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL
[2009.11.05 13:41:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL
[2009.11.05 13:40:09 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini
[2009.11.05 13:39:56 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll
[2009.11.05 13:39:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll
[2009.11.05 12:34:08 | 000,110,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.04 22:53:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.11.04 19:25:38 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009.11.04 02:07:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.04 02:04:50 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.11.04 01:55:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.11.04 01:48:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.11.04 01:44:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.11.04 01:43:39 | 003,823,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.01.16 04:42:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.16 04:42:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.01.16 04:42:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.16 04:42:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.01.16 04:42:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.16 04:42:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.01.16 04:42:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.01.16 04:42:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.06.01 21:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.06.01 21:06:00 | 001,868,868 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL
[2006.06.01 21:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.06.01 21:06:00 | 000,452,304 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.06.01 21:06:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.06.01 21:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.06.01 21:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.06.01 21:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.06.01 21:06:00 | 000,081,136 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.06.01 21:06:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.06.01 21:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.06.01 21:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.06.01 21:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.06.01 21:06:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006.06.01 21:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.06.01 21:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.06.01 21:06:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.06.01 21:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.08.11 13:15:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\6500 Series
[2011.06.16 23:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM
[2010.05.17 21:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSplayer
[2010.01.15 12:52:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DonationCoder
[2011.02.24 21:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog
[2011.06.29 10:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FileZilla
[2010.03.01 14:11:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FireShot
[2011.01.27 19:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FVZilla
[2011.04.30 15:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRightToGo
[2010.01.15 12:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro
[2010.12.18 15:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2010.11.21 18:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HamsterSoft
[2009.11.30 11:49:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inkscape
[2011.06.30 18:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lexmark Productivity Studio
[2011.03.11 21:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX
[2009.11.07 14:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2010.01.16 00:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
[2011.01.13 17:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PanoramaStudio2Pro
[2010.04.11 12:40:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2011.05.03 08:00:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.03.12 23:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VideoPPT
[2009.11.05 13:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6500 Series
[2010.08.23 12:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2009.11.16 23:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2010.01.15 12:52:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder
[2011.03.11 21:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.05.15 16:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.05.13 13:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SITEguard
[2010.05.13 13:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!
[2010.03.10 17:23:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore
[2009.11.07 14:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.04 20:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2011.05.04 19:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.05.03 07:59:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009.11.07 15:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011.06.17 17:17:39 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E95B6FD

< End of report >



OTL 2:

OTL Extras logfile created on: 02.07.2011 09:54:35 - Run 5
OTL by OldTimer - Version 3.2.25.0 Folder = C:\downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,81% Memory free
5,09 Gb Paging File | 4,21 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 199,35 Gb Free Space | 42,80% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "F:\runtergeladene Sachen\apple safari Browser\Safari.exe" -url "%1"
https [open] -- "F:\runtergeladene Sachen\apple safari Browser\Safari.exe" -url "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "F:\runtergeladene Sachen\Fotobuch sotware\CEWW Kalender-Software\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "F:\runtergeladene Sachen\Fotobuch sotware\CEWW Kalender-Software\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNetisabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008
"1043:TCP" = 1043:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\runtergeladene Sachen\Free Video Zilla\FVZilla.exe" = E:\runtergeladene Sachen\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla
"E:\runtergeladene Sachen\Drucker\Lexmark 6500 Series\lxdfmon.exe" = E:\runtergeladene Sachen\Drucker\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"E:\runtergeladene Sachen\java\bin\javaw.exe" = E:\runtergeladene Sachen\java\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2E3C4040-B524-43BD-A665-564D2B5C5C19}" = eHOT Line
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{47F74349-1262-45C4-9546-E405D0C1C39C}" = NetObjects Fusion 9.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8544556F-92C9-478E-9ABC-BC2823E39577}" = MAGIX Speed burnR (MSI)
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{920DF926-D85A-4ED9-8F4D-7D98F0EAF2C6}" = CEWE FOTOBUCH PRO
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0CBFC47-690E-4277-82BB-13BE18CF0C2E}" = CEWE FOTOBUCH PRO Designvorlagen
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAE31374-02C2-452E-88EC-2F16D92731A9}" = MAGIX Screenshare
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5734BB9-56FC-4937-88F2-AB34ABF49821}" = XECUTER CK3 PRO - USB
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0EA5DD0-8D2C-4762-A83E-A9B924FE8531}" = NetObjects Fusion 9.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CADIX Signature Screen Saver 2.0" = CADIX Signature Screen Saver 2.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"C-Media USB Sound" = TEAC media systems 5.1 USB
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.5
"Free Video Zilla_is1" = Free Video Zilla
"Google Chrome" = Google Chrome
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HijackThis" = HijackThis 2.0.2
"Inkscape" = Inkscape 0.47
"IsoBuster_is1" = IsoBuster 2.8.5
"Lexmark 6500 Series" = Lexmark 6500 Series
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 15 Premium D" = MAGIX Video deluxe 15 Premium 8.0.0.62 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"NVIDIA Drivers" = NVIDIA Drivers
"PanoramaStudio2Pro" = PanoramaStudio 2.1 Pro (deinstallieren)
"PC Wizard 2009_is1" = PC Wizard 2009.1.91
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RarZilla Free Unrar" = RarZilla Free Unrar
"RealPlayer 12.0" = RealPlayer
"Rmtablet" = HyperPen USB Manager
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"TeamViewer 5" = TeamViewer 5
"Trojancheck_is1" = Trojancheck 6
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"URL Helper_is1" = URL Helper
"URLSnooper 2_is1" = URL Snooper v2.26.01
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"web2date" = DATA BECKER web to date 5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.06.2011 10:11:08 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fusion.exe, Version 9.0.5000.5013, fehlgeschlagenes
Modul dalib.dll, Version 6.0.0.5013, Fehleradresse 0x00024ce3.

Error - 13.06.2011 14:24:09 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fusion.exe, Version 9.0.5000.5013, fehlgeschlagenes
Modul fusion.exe, Version 9.0.5000.5013, Fehleradresse 0x00057ea0.

Error - 19.06.2011 11:35:19 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pr backlink generator.exe, Version 1.0.0.0,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x0018c410.

Error - 30.06.2011 16:50:18 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

Error - 01.07.2011 01:13:41 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

Error - 01.07.2011 01:27:09 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

Error - 01.07.2011 01:45:24 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

Error - 02.07.2011 01:54:31 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

Error - 02.07.2011 02:09:50 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

Error - 02.07.2011 02:42:14 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4.

[ System Events ]
Error - 02.07.2011 01:54:10 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 02.07.2011 02:09:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3

Error - 02.07.2011 02:09:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxdfCATSCustConnectService.

Error - 02.07.2011 02:09:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 02.07.2011 02:20:11 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie
den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 02.07.2011 02:30:13 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie
den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 02.07.2011 02:41:57 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3

Error - 02.07.2011 02:41:57 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxdfCATSCustConnectService.

Error - 02.07.2011 02:41:57 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 02.07.2011 03:53:26 | Computer Name = HOME-PC | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >



Und nun HijacThisk:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:56, on 02.07.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Lexmark 6500 Series\lxdfmon.exe
C:\Programme\Lexmark 6500 Series\lxdfamon.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
C:\Programme\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\downloads\HiJackThis204.exe
C:\Programme\Avira\AntiVir Desktop\avwsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://trojaner-board.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\runtergeladene Sachen\java\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\runtergeladene Sachen\java\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Programme\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Programme\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Programme\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\runtergeladene Sachen\java\bin\jqs.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8197 bytes