BKA-Trojaner

Lilli99 · 25.12.2011, 00:13

Hallo Kira,

zu 1.
Das Problem habe ich nicht. Alles wird ordnungsgemäß angezeigt.

zu 2.
Dein Link funktioniert nicht, habe aber eine winsocks.exe runtergeladen und laufen lassen. Zwischendrin kam von Antivir die Meldung :"Zu Ihrer Sicherheit wurde der Zugriff auf die Host-Datei blockiert" (was bedeutet das?).
Winsocks meinte es hätte irgendwelche Probleme bereinigt, ist aber alles wie zuvor.
Das Problem das ich habe ist dass der PC keine IP-Adresse beziehen kann. Habe jetzt den Internet Explorer gelöscht weil ich vermute dass der infiziert ist. Habe ja noch Firefox.

zu 3.
Der Tea Timer von Spybot ist deaktiviert.
Was würdest du denn als Alternative empfehlen? Hatte immer nur Antivir und Spybot auf dem Rechner.

zu 4.
Habe gefixt mit OTL (der wollte gar keinen Neustart diesmal)
Ergebnis:

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_USERS\Alle_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ not found.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry key HKEY_USERS\Alle_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_USERS\Alle_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_USERS\Alle_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USBestCR deleted successfully.
C:\Programme\USIM Editor\iconcs968500.exe moved successfully.
Registry key HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File X:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
Unable to delete ADS C:\WINDOWS\System32\taskmgr.exe:SummaryInformation .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2 .
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1CA73D29 deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 12242011_180706

zu 5.
Protokoll von Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122203

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.12.2011 17:31:16
mbam-log-2011-12-22 (17-31-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 290444
Laufzeit: 3 Stunde(n), 18 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\Alle\startmenü\programme\autostart\0.2040873130720443.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.

zu 6.
Scan mit OTL ergab:

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 24.12.2011 18:26:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Alle\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 655,27 Mb Available Physical Memory | 64,03% Memory free
2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 80,94 Gb Free Space | 54,31% Space Free | Partition Type: NTFS
Drive E: | 3,80 Gb Total Space | 0,72 Gb Free Space | 18,84% Space Free | Partition Type: FAT32
 
Computer Name: SN114975160314 | User Name: Alle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Alle\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\system32\afasrv32.exe ()
PRC - C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - c:\APPS\HIDSERVICE\HidService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\afasrv32.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
MOD - c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll ()
MOD - c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll ()
MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll ()
MOD - c:\APPS\Powercinema\Kernel\HomeNetWorking\CLNetMedia.dll ()
MOD - c:\APPS\HIDSERVICE\HidService.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Pml Driver HPZ12) --  File not found
SRV - (NMIndexingService) --  File not found
SRV - (Net Driver HPZ12) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AfaService) -- C:\WINDOWS\system32\afasrv32.exe ()
SRV - (DBService) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe (SiSoftware)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (CyberLink Media Library Service) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe (America Online, Inc.)
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\sandra.sys (SiSoftware)
DRV - (MHIKEY10) -- C:\WINDOWS\system32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Aldebaran) -- C:\WINDOWS\System32\Drivers\Aldebaran.sys (NewSoft Technology Corporation)
DRV - (Achernar) -- C:\WINDOWS\System32\Drivers\Achernar.sys (NewSoft Technology Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc.)
DRV - (ENETHUSB) -- C:\WINDOWS\system32\drivers\enethusb.sys (Siemens Subscriber Networks, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Programme\RapidSolution\AudialsOne\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009.11.29 14:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.17 00:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.10.19 01:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Extensions
[2011.12.07 18:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\ui0e5q4f.default\extensions
[2011.12.07 18:41:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\ui0e5q4f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.19 01:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.17 00:38:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2009.10.17 19:53:28 | 000,327,779 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 11212 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\AudialsOne\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [mspd] C:\WINDOWS\system32\mspd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_7\Trayserver.exe (MAGIX AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226772049304&h=2468ad6c63e77ab64e3824ae37cc9d55/&filename=jinstall-6u10-windows-i586-jc.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0E3715-837E-489E-BF66-0C3E594F32BF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (fz32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b648ff8-3bf9-11df-ab9a-0013a33d52fe}\Shell - "" = AutoRun
O33 - MountPoints2\{1b648ff8-3bf9-11df-ab9a-0013a33d52fe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b648ff8-3bf9-11df-ab9a-0013a33d52fe}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1b648ff9-3bf9-11df-ab9a-0013a33d52fe}\Shell - "" = AutoRun
O33 - MountPoints2\{1b648ff9-3bf9-11df-ab9a-0013a33d52fe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b648ff9-3bf9-11df-ab9a-0013a33d52fe}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2eabc9b9-e829-11db-8e51-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2eabc9b9-e829-11db-8e51-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2eabc9b9-e829-11db-8e51-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 22:36:50 | 000,240,128 | R--- | M] ()
O33 - MountPoints2\{b84e5298-3bfb-11df-ab9b-0013a33d52fe}\Shell - "" = AutoRun
O33 - MountPoints2\{b84e5298-3bfb-11df-ab9b-0013a33d52fe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b84e5298-3bfb-11df-ab9b-0013a33d52fe}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.24 18:07:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.22 13:56:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Malwarebytes
[2011.12.22 13:56:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.22 13:56:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.22 13:56:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.21 23:57:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Avira
[2011.12.21 23:50:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.12.21 23:49:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.12.21 23:49:14 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.21 23:49:14 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.21 23:49:14 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.21 23:48:45 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.12.21 23:48:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.12.21 23:07:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Alle\Recent
[2011.12.21 23:00:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.12.17 12:54:41 | 000,000,000 | ---D | C] -- C:\c588964b7966379fa2076be568ad
[2011.12.07 18:41:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\DVDVideoSoft
[2011.12.07 18:41:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.07 18:41:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2011.12.07 18:41:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2011.12.07 18:41:20 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.12.07 18:41:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alle\Eigene Dateien\DVDVideoSoft
[2011.12.01 21:13:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2007.10.28 11:04:16 | 000,049,152 | ---- | C] (Newsoft) -- C:\Programme\NSLIC.dll
[2007.10.28 11:04:10 | 000,282,624 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\VWork6rc.dll
[2007.10.28 11:03:38 | 003,538,112 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\VWorks6.exe
[2007.10.28 11:03:38 | 000,536,064 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RMBE3260.DLL
[2007.10.28 11:03:38 | 000,386,560 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\PNGU3266.DLL
[2007.10.28 11:03:38 | 000,245,760 | ---- | C] (NewSoft Corp.) -- C:\Programme\VideoCap.dll
[2007.10.28 11:03:38 | 000,241,664 | ---- | C] (NewSoft) -- C:\Programme\mp3filter.dll
[2007.10.28 11:03:38 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Programme\Pcdlib32.dll
[2007.10.28 11:03:38 | 000,172,032 | ---- | C] (newsoftinc) -- C:\Programme\Ucig3432.dll
[2007.10.28 11:03:38 | 000,172,032 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\ShowStream.dll
[2007.10.28 11:03:38 | 000,151,552 | ---- | C] (newsoftinc) -- C:\Programme\Ucijpg32.dll
[2007.10.28 11:03:38 | 000,049,152 | ---- | C] (Newsoft) -- C:\Programme\Single2.dll
[2007.10.28 11:03:38 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Programme\Shfolder.dll
[2007.10.28 11:03:37 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Programme\Mfc42.dll
[2007.10.28 11:03:37 | 000,688,195 | ---- | C] (newsoftinc) -- C:\Programme\Fiotif32.dll
[2007.10.28 11:03:37 | 000,688,128 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\AviToMpeg2.dll
[2007.10.28 11:03:37 | 000,307,200 | ---- | C] (Newsoft) -- C:\Programme\MpegEdit.dll
[2007.10.28 11:03:37 | 000,290,869 | ---- | C] (Microsoft Corporation) -- C:\Programme\Msvcrt.dll
[2007.10.28 11:03:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Programme\PNCRT.DLL
[2007.10.28 11:03:37 | 000,167,936 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\AudioData.dll
[2007.10.28 11:03:37 | 000,143,360 | ---- | C] (newsoftinc) -- C:\Programme\Fiotga32.dll
[2007.10.28 11:03:37 | 000,139,264 | ---- | C] (newsoftinc) -- C:\Programme\Fiojpg32.dll
[2007.10.28 11:03:37 | 000,135,256 | ---- | C] (newsoftinc) -- C:\Programme\Fiopof32.dll
[2007.10.28 11:03:37 | 000,135,168 | ---- | C] (newsoftinc) -- C:\Programme\Fiopcd32.dll
[2007.10.28 11:03:37 | 000,131,072 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\NsRender.dll
[2007.10.28 11:03:37 | 000,114,688 | ---- | C] (newsoftinc) -- C:\Programme\Fioall32.dll
[2007.10.28 11:03:37 | 000,100,352 | ---- | C] (An Chen Computer Co., Ltd.) -- C:\Programme\CMAspi2K.dll
[2007.10.28 11:03:37 | 000,086,016 | ---- | C] (NewSoft Technology Corporation) -- C:\Programme\NSCDVD.dll
[2007.10.28 11:03:37 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Programme\Msvcirt.dll
[2007.10.28 11:03:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Programme\Msvcrt40.dll
[2007.10.28 11:03:37 | 000,057,344 | ---- | C] (NewSoft) -- C:\Programme\AudioCap.dll
[2007.10.28 11:03:37 | 000,053,248 | ---- | C] (Newsoft Tech. Co.) -- C:\Programme\NsDeviceDB.dll
[2007.10.28 11:03:37 | 000,049,152 | ---- | C] (newsoftinc) -- C:\Programme\Fiobmp32.dll
[2007.10.28 11:03:37 | 000,036,864 | ---- | C] (newsoftinc) -- C:\Programme\Fiopct32.dll
[2007.10.28 11:03:37 | 000,032,768 | ---- | C] (newsoftinc) -- C:\Programme\Fiopcx32.dll
[2007.10.28 11:03:37 | 000,032,768 | ---- | C] (NewSoft) -- C:\Programme\Av2Rm.dll
[2007.10.28 11:03:37 | 000,028,672 | ---- | C] (newsoftinc) -- C:\Programme\Fiowmf32.dll
[2007.10.28 11:03:36 | 000,216,576 | ---- | C] (An Chen Computer Co., Ltd.) -- C:\Programme\Achernar.dll
[2007.10.28 11:03:36 | 000,155,648 | ---- | C] (NewSoft) -- C:\Programme\Acp.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.24 18:17:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.24 18:17:22 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.24 18:17:19 | 004,911,335 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2011.12.24 17:59:59 | 000,000,294 | RHS- | M] () -- C:\BOOT.INI
[2011.12.24 17:59:42 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE41880B-3FEA-4E03-8DA1-C761E35DDE72}.job
[2011.12.24 17:58:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.22 13:56:07 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 23:50:04 | 000,001,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2011.12.21 23:08:45 | 000,187,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Alle\Eigene Dateien\cc_20111221_230823.reg
[2011.12.21 23:03:15 | 000,001,883 | ---- | M] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.12.21 23:03:15 | 000,001,812 | ---- | M] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Avira DE-Cleaner.lnk
[2011.12.21 23:00:02 | 000,000,657 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.12.21 22:22:56 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\taskmgr.job
[2011.12.21 22:17:33 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskmgr.exe
[2011.12.21 21:03:20 | 000,462,652 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.21 21:03:20 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.21 21:03:20 | 000,085,542 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.21 21:03:20 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.15 11:32:18 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.13 13:22:46 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Word 2007.lnk
[2011.12.07 18:41:38 | 000,001,026 | ---- | M] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Free YouTube to MP3 Converter.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.24 17:59:55 | 000,000,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2011.12.22 13:56:07 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 23:50:04 | 000,001,674 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2011.12.21 23:08:33 | 000,187,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Eigene Dateien\cc_20111221_230823.reg
[2011.12.21 23:03:15 | 000,001,883 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.12.21 23:03:15 | 000,001,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Avira DE-Cleaner.lnk
[2011.12.21 23:00:02 | 000,000,657 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.12.21 22:22:55 | 000,000,256 | ---- | C] () -- C:\WINDOWS\tasks\taskmgr.job
[2011.12.07 18:41:38 | 000,001,026 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.12 16:49:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.12.02 16:08:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
[2010.10.13 19:49:05 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.21 09:52:16 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2010.03.08 14:31:21 | 000,389,632 | ---- | C] () -- C:\WINDOWS\System32\mspd.exe
[2010.03.08 14:19:44 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.03.08 14:18:38 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.12.01 02:25:42 | 000,113,603 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2009.12.01 02:25:41 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2009.12.01 02:21:53 | 000,071,565 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2009.12.01 02:19:34 | 000,071,955 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009.11.30 22:17:04 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.09.11 14:02:46 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2009.08.27 16:18:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\downloads.m3u
[2009.08.21 08:52:51 | 000,000,265 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\default.rss
[2009.06.27 11:17:35 | 007,925,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2009.06.10 05:03:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.04.04 12:52:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.07 16:49:49 | 000,000,424 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.09.07 16:16:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008.06.18 20:12:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.01.13 14:15:20 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007.11.26 15:19:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.10.28 11:38:46 | 000,182,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.28 11:11:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007.10.28 11:04:32 | 000,000,177 | R--- | C] () -- C:\Programme\Execute.ini
[2007.10.28 11:04:32 | 000,000,175 | ---- | C] () -- C:\Programme\LUTRAY.ini
[2007.10.28 11:04:10 | 000,001,324 | ---- | C] () -- C:\Programme\VW6_set.ini
[2007.10.28 11:04:10 | 000,000,170 | ---- | C] () -- C:\Programme\LUTRAYMSG.ini
[2007.10.28 11:04:08 | 000,000,389 | ---- | C] () -- C:\Programme\VWorks6.ini
[2007.10.28 11:03:38 | 000,024,576 | ---- | C] () -- C:\Programme\ResInfo.dll
[2007.10.28 11:03:38 | 000,003,742 | ---- | C] () -- C:\Programme\VideoCap.ini
[2007.10.28 11:03:38 | 000,002,888 | ---- | C] () -- C:\Programme\Pamovie.reg
[2007.10.28 11:03:38 | 000,000,739 | R--- | C] () -- C:\Programme\importavi.ini
[2007.10.28 11:03:38 | 000,000,008 | ---- | C] () -- C:\Programme\pm20.ini
[2007.10.28 11:03:37 | 000,421,888 | ---- | C] () -- C:\Programme\LiveUpdateTray.exe
[2007.10.28 11:03:37 | 000,143,360 | ---- | C] () -- C:\Programme\LiveUpdate.dll
[2007.10.28 11:03:37 | 000,131,072 | ---- | C] () -- C:\Programme\DvInfoParser.dll
[2007.10.28 11:03:37 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2007.10.28 11:03:37 | 000,086,016 | ---- | C] () -- C:\Programme\Jpeglib.dll
[2007.10.28 11:03:37 | 000,036,864 | ---- | C] () -- C:\Programme\PALETTE.MAP
[2007.10.28 11:03:37 | 000,028,672 | ---- | C] () -- C:\Programme\GetPhotoPath.dll
[2007.10.28 11:03:37 | 000,024,576 | ---- | C] () -- C:\Programme\Eraser.exe
[2007.10.28 11:03:37 | 000,019,280 | ---- | C] () -- C:\Programme\DeviceDBInf.tdi
[2007.10.28 11:03:37 | 000,005,056 | ---- | C] () -- C:\Programme\PMMAIL.EXE
[2007.10.28 11:03:37 | 000,000,180 | ---- | C] () -- C:\Programme\FIOALL.INI
[2007.10.28 11:03:37 | 000,000,037 | ---- | C] () -- C:\Programme\Eraser.ini
[2007.10.28 11:03:36 | 000,077,824 | ---- | C] () -- C:\Programme\AVFile.dll
[2007.10.28 10:49:41 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2007.10.06 16:22:49 | 000,000,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.08.06 16:36:59 | 004,215,160 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007.06.26 19:32:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2007.06.05 17:43:29 | 000,001,946 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2007.06.05 17:18:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2007.04.15 16:20:51 | 000,000,263 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.04.11 14:31:41 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.04.11 13:35:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.04.11 13:30:03 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007.04.11 13:29:36 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.04.11 13:22:16 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2007.04.11 13:15:45 | 000,007,615 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2007.04.11 13:14:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.04.11 13:06:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007.04.11 13:06:48 | 000,001,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2007.04.11 13:06:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007.04.11 13:06:20 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.10.21 14:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.02 15:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.08.02 15:35:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005.08.02 15:35:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.08.02 15:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005.08.02 15:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.08.02 15:35:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.08.02 15:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.08.02 15:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005.08.02 15:35:00 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005.08.02 15:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.08.11 18:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 18:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 18:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 17:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 17:56:16 | 000,349,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 17:48:09 | 000,462,652 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 17:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 17:48:09 | 000,085,542 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 17:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 17:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 17:47:46 | 000,444,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 17:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 17:47:46 | 000,072,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 17:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 17:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 17:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 17:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 17:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 17:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 17:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.11 17:47:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.06.23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.07.06 14:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\taskmgr.exe:SummaryInformation
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

und Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 24.12.2011 18:26:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Alle\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,36 Mb Total Physical Memory | 655,27 Mb Available Physical Memory | 64,03% Memory free
2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 80,94 Gb Free Space | 54,31% Space Free | Partition Type: NTFS
Drive E: | 3,80 Gb Total Space | 0,72 Gb Free Space | 18,84% Space Free | Partition Type: FAT32
 
Computer Name: SN114975160314 | User Name: Alle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Programme\Nero\Nero 9\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 9\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Disabled:Packard Bell - Skype
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Disabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Disabled:SiSoftware Sandra Agent Service -- (SiSoftware)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07e9abf9-d9b9-4a02-bea4-dcd6a9663be5}" = Nero 9
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio UDF Reader
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{21AFF51C-9353-49A9-BA58-5BEA5630BA15}" = Radiotracker
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2BB90164-91B9-4567-9A3C-88652BA1DA49}" = Tunebite
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}" = Smart Start UP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C516E56-0B4B-4BDE-88A2-035B4D170A26}" = Dual Mode Digital Camera 5.0M
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{956AB2F3-CE39-4078-82DC-B2B7F1BEEEC5}" = Tagrunner
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{b86754dd-2ddb-4ac0-9015-cb487277254e}" = InCD Help
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}" = Presto! Mr. Photo 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E78FC917-C21B-11D2-99FE-00105A98B681}" = Microsoft Picture It! 2000
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft PhotoImpression 2000" = ArcSoft PhotoImpression 2000
"AudialsOne_is1" = AudialsOne 3.0.5006.600
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.0
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"EfntSSDSL" = Siemens Subscriber Networks SpeedStream DSL
"EOS Utility" = Canon Utilities EOS Utility
"ExpressRip" = Express Rip
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"HD Tach_is1" = HD Tach version 3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.3 (D)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.176 (D)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.54 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 2006 2007 silver D" = MAGIX Video deluxe 2006 2007 silver 6.0.5.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MPEG2 Video Encoder_is1" = DATA BECKER MPEG2 Video Encoder
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Pixillion" = Pixillion Image Converter
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Stream Catcher 2_is1" = DATA BECKER Stream Catcher 2
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player 0.9.8a
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2011 22:22:57 | Computer Name = SN114975160314 | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{2eabc9b9-e829-11db-8e51-806d6172696f},0xc0000000,0x00000003,...)".
 hr = 0x80070005.
 
Error - 21.12.2011 22:23:20 | Computer Name = SN114975160314 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
Error - 21.12.2011 22:39:46 | Computer Name = SN114975160314 | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{2eabc9b9-e829-11db-8e51-806d6172696f},0xc0000000,0x00000003,...)".
 hr = 0x80070005.
 
Error - 21.12.2011 22:40:09 | Computer Name = SN114975160314 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
Error - 22.12.2011 02:52:06 | Computer Name = SN114975160314 | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{2eabc9b9-e829-11db-8e51-806d6172696f},0xc0000000,0x00000003,...)".
 hr = 0x80070005.
 
Error - 22.12.2011 02:52:28 | Computer Name = SN114975160314 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
Error - 22.12.2011 02:52:31 | Computer Name = SN114975160314 | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{2eabc9b9-e829-11db-8e51-806d6172696f},0xc0000000,0x00000003,...)".
 hr = 0x80070005.
 
Error - 22.12.2011 02:52:53 | Computer Name = SN114975160314 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
Error - 22.12.2011 02:52:55 | Computer Name = SN114975160314 | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{2eabc9b9-e829-11db-8e51-806d6172696f},0xc0000000,0x00000003,...)".
 hr = 0x80070005.
 
Error - 24.12.2011 13:28:43 | Computer Name = SN114975160314 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x10005a29.
 
[ System Events ]
Error - 24.12.2011 13:01:26 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 24.12.2011 13:01:26 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 24.12.2011 13:01:40 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TfFsMon  TfSysMon
 
Error - 24.12.2011 13:12:31 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 24.12.2011 13:12:31 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 24.12.2011 13:12:40 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TfFsMon  TfSysMon
 
Error - 24.12.2011 13:17:32 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 24.12.2011 13:17:32 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 24.12.2011 13:17:44 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TfFsMon  TfSysMon
 
Error - 24.12.2011 13:27:59 | Computer Name = SN114975160314 | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
[ TuneUp Events ]
Error - 22.12.2011 08:56:16 | Computer Name = SN114975160314 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-12-22 13:56:16', '\device\harddiskvolume1\programme\malwarebytes'
 anti-malware\mbam.exe','3628',0)
 
Error - 22.12.2011 08:56:48 | Computer Name = SN114975160314 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-12-22 13:56:48', '\device\harddiskvolume1\programme\malwarebytes'
 anti-malware\mbam.exe','3780',0)
 
 
< End of report >

zu 7.
Programme von Ccleaner:

Code:

ATTFilter

Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	24.12.2011		10.1.102.64
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	24.12.2011		11.0.1.152
Adobe Reader 7.1.0 - Deutsch	Adobe Systems Incorporated	31.07.2008	79,5MB	7.1.0
ArcSoft PhotoImpression 2000		24.12.2011		
Audials TV	RapidSolution Software AG	29.11.2009	3,23MB	1.3.10800.0
AudialsOne 3.0.5006.600	RapidSolution Software AG	29.11.2009		
AudioCon	Basement Softworks	24.12.2011		1.0
Avira Free Antivirus	Avira	24.12.2011		12.0.0.872
Canon Camera Access Library		24.12.2011		8.4.0.1
Canon Camera Support Core Library		22.12.2011		7.3.1.6
Canon Camera Window DSLR 5 for ZoomBrowser EX	Canon	07.09.2008		5.3.1
Canon G.726 WMP-Decoder		22.12.2011		1.1.0.4
CANON iMAGE GATEWAY Task for ZoomBrowser EX		22.12.2011		1.4.0.8
Canon Internet Library for ZoomBrowser EX		22.12.2011		1.6.0.3
Canon MovieEdit Task for ZoomBrowser EX		22.12.2011		2.5.0.15
Canon PhotoRecord	Cisra	07.09.2008	80,5MB	02.02.03002
Canon RAW Image Task for ZoomBrowser EX		22.12.2011		0.9.3.9
Canon Utilities CameraWindow		24.12.2011		7.0.0.8
Canon Utilities CameraWindow DC		24.12.2011		7.0.0.15
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX		24.12.2011		5.4.5.17
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX		24.12.2011		6.4.1.15
Canon Utilities EOS Utility		24.12.2011		1.1.0.8
Canon Utilities MyCamera		24.12.2011		6.4.0.5
Canon Utilities MyCamera DC		24.12.2011		7.0.0.5
Canon Utilities PhotoStitch		24.12.2011		3.1.20.44
Canon Utilities RemoteCapture DC		24.12.2011		3.0.1.8
Canon Utilities RemoteCapture Task for ZoomBrowser EX		24.12.2011		1.7.1.9
Canon Utilities ZoomBrowser EX		24.12.2011		6.0.0.246
Canon ZoomBrowser EX Memory Card Utility		24.12.2011		1.0.0.19
CCleaner	Piriform	24.12.2011		3.14
DATA BECKER MPEG2 Video Encoder		08.03.2010		
DATA BECKER Stream Catcher 2		08.03.2010		
Dual Mode Digital Camera 5.0M		24.12.2011		
Express Rip	NCH Swift Sound	24.12.2011		
FaxTools	BVRP Software	24.12.2011		5.10
Firebird SQL Server - MAGIX Edition	MAGIX AG	08.03.2010		2.0.1.13
Free YouTube to MP3 Converter version 3.10.13.1123	DVDVideoSoft Ltd.	07.12.2011		
Google Earth	Google	28.04.2008	25,3MB	4.3.7191.6508
Google Toolbar for Internet Explorer	Google Inc.	01.11.2009		
HD Tach version 3	Simpli Software, Inc.	27.06.2009		
HP Image Zone Express	Hewlett-Packard	23.08.2007	8,95MB	1.5.1.29
Intel(R) Integrated Performance Primitives RTI 4.0	Intel Corporation	28.10.2007	59,2MB	4.0.23
Java(TM) 6 Update 10	Sun Microsystems, Inc.	21.11.2008	94,4MB	6.0.100
MAGIX Filme auf DVD 7 7.0.3.3 (D)	MAGIX AG	08.03.2010		7.0.3.3
MAGIX Foto Manager 2007 4.2.0.176 (D)	MAGIX AG	08.03.2010		4.2.0.176
MAGIX Foto Manager 8 6.0.1.457 (D)	MAGIX AG	08.03.2010		6.0.1.457
MAGIX Fotobuch 3.6	MAGIX AG	24.12.2011		3.6
MAGIX Goya burnR 1.3.1.3 (D)	MAGIX AG	08.03.2010		1.3.1.3
MAGIX Music Manager 2007 8.2.0.54 (D)	MAGIX AG	08.03.2010		8.2.0.54
MAGIX Online Druck Service 3.4.3.0 (D)	MAGIX AG	08.03.2010		3.4.3.0
MAGIX Screenshare 4.3.6.1987 (D)	MAGIX AG	08.03.2010		4.3.6.1987
MAGIX Video deluxe 2006 2007 silver 6.0.5.3 (D)	MAGIX AG	08.03.2010		6.0.5.3
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	22.12.2011		1.51.2.1300
Microsoft .NET Framework 1.1		13.10.2011		
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	11.04.2007	3,02MB	1.1.4322
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	22.12.2011	184,3MB	2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	27.06.2009	6,30MB	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	22.12.2011	209MB	3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	27.06.2009	37,5MB	3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	22.12.2011		
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	22.12.2011		
Microsoft Office Home and Student 2007	Microsoft Corporation	24.08.2007		12.0.4518.1014
Microsoft Picture It! 2000	Microsoft	05.06.2007	402MB	4.0.0.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.08.2009	5,21MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	26.06.2009	10,3MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	04.11.2010	10,2MB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	21.12.2011	11,1MB	10.0.40219
Mozilla Firefox 8.0 (x86 de)	Mozilla	24.12.2011		8.0
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	12.04.2007	2,56MB	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	15.08.2007	2,62MB	4.20.9848.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.11.2008	2,67MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2009	2,77MB	4.20.9876.0
Nero 9	Nero AG	30.11.2009		
Norton PartitionMagic 8.0	Symantec	27.06.2009		8.05.000
O&O Defrag Professional	O&O Software GmbH	27.06.2009	34,8MB	11.5.4101
phonostar-Player Version 2.01.0		24.12.2011		
PixiePack Codec Pack	None	29.11.2009	16,4MB	1.1.400.0
Pixillion Image Converter	NCH Software	24.12.2011		
Presto! Mr. Photo 3		22.12.2011		
Presto! VideoWorks 6	NewSoft	28.10.2007		6.20.12
Protect Disc License Helper 1.0.118	Protect Disc	24.12.2011		1.0.118
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	22.12.2011		11.0.0.11
Radiotracker	RapidSolution Software AG	29.11.2009	167,5MB	5.0.23056.5600
RealPlayer	RealNetworks	24.12.2011		
Roxio UDF Reader	Roxio	07.09.2008	2,92MB	4.97
Roxio Update Manager	Roxio	07.09.2008	2,39MB	3.0.0
Siemens Subscriber Networks SpeedStream DSL		24.12.2011		
SiSoftware Sandra Lite 2009	SiSoftware	27.06.2009		15.42.2009.1
Smart Start UP		24.12.2011		
Spybot - Search & Destroy	Safer Networking Limited	27.06.2009		1.6.2
Switch Sound File Converter	NCH Software	22.12.2011		
Tagrunner	RapidSolution Software AG	29.11.2009	7,62MB	2.1.6700.0
Tunebite	RapidSolution Software AG	29.11.2009	116,3MB	6.0.31728.2500
TuneUp Utilities 2009	TuneUp Software	27.06.2009	44,8MB	8.0.1210.1
USIM Editor 1.0.25.0		02.12.2010		
VLC media player 0.9.8a	VideoLAN Team	24.12.2011		0.9.8a
WavePad Sound Editor	NCH Software	24.12.2011		
Windows Genuine Advantage Validation Tool (KB892130)	Microsoft Corporation	27.06.2009		
Windows Internet Explorer 8	Microsoft Corporation	27.06.2009		20090308.140743
Windows Media Format 11 runtime		24.12.2011		
Windows Media Player 11		24.12.2011		
WinPcap 4.0.2	CACE Technologies	24.12.2011		4.0.0.1040

Den Internet explorer habe ich wie gesagt deinstalliert.

Und jetzt?

BKA-Trojaner

Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner

BKA-Trojaner