
Pests of all kinds and how to combat them: BKA Trojan on the PC or not?

01.03.2012, 16:43   #1
theda



hello forum,
yesterday i found a version of the bka trojan on my computer, which initially locked the pc. after extensive research on the net i found no version that resembles mine, and therefore no approach to a solution either. after restarting the computer, however, there was at first nothing more to be seen of the trojan; the pc appears to run normally. now my question: is the thing still on the computer or not? possibly a naive question - but since i am an absolute pc idiot, i ask you to excuse that (and all slowness on the uptake that follows).
many thanks for an answer!
best regards, theda

01.03.2012, 18:36   #2
markusg
/// Malware-holic



hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

01.03.2012, 18:54   #3
theda



hello markus,
thanks for your quick reply!
i downloaded otl.exe and followed the steps given.
unfortunately the otl scan hangs after just a few seconds ("not responding").

in addition, for a few hours antivir has repeatedly been showing the following warning: TR/LockScreen.BU.1 found. is that in any way connected to the first-mentioned problem with the bka trojan?

how should i proceed?
many thanks for your help,
theda

01.03.2012, 19:19   #4
markusg
/// Malware-holic



hi, how does it look if you leave out my script?

01.03.2012, 19:26   #5
theda



hi,
what do you mean by "script"?
i started the scan after i had downloaded otl. but the scan aborts after just a few seconds, and the program then stops responding.


01.03.2012, 19:59   #6
markusg
/// Malware-holic



ok
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it on your desktop.
  • Visit the following page for download links and instructions for this tool:
    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

01.03.2012, 20:12   #7
theda



hello markus,
for whatever reason otl has now run the scan after all (at least i think so). the content is attached:
what's next?
OTL Logfile:
Code:
OTL logfile created on: 01.03.2012 19:23:11 - Run 2
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,75% Memory free
6,21 Gb Paging File | 4,30 Gb Available in Paging File | 69,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585,42 Gb Total Space | 298,15 Gb Free Space | 50,93% Space Free | Partition Type: NTFS
 
Computer Name: THEDA | User Name: Theda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office\WINWORD.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\77127374bf3de8ede2afcdee94bde3c8\Mcx2Dvcs.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\475ace6e7cf2fdeba90bda946181e15c\Microsoft.MediaCenter.iTv.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\c5db95cc089f53a8466086e19ec47322\ehshell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\015a692fac966be04ba567b1016c315d\Microsoft.MediaCenter.Sports.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ca71fd7a568c1f54cdf0b94fd4ca71d3\Microsoft.MediaCenter.Shell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\e3b8664bf8adac1620ed2c4b64478079\mcstoredb.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\675186fa7a9ca81a3a0420d79c6ab55c\mcstore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mcepg\9c634d1c8f581ddaec27586ae9768af9\mcepg.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\cc0160371f83adff14372fab549c5cf3\ehRecObj.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\3fc7c1f48d8da8165448183e51d0d594\ehiWUapi.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b97d8b3b8e79d23f9fd32bab5766e272\Microsoft.MediaCenter.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\19c33a17570a639bf4007e52cfbb5202\ehiUserXp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\f5a83e59ee751f6eff633093d1778e4a\Microsoft.MediaCenter.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\d984ef82ef09d68c7746815835df261b\ehiExtCOM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\3ec4e67623abf2e7e58b7bc56f62b722\ehiProxy.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2050dc7a96918bd474c59851faf87d63\BDATunePIA.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mcplayerinterop\6.0.6000.0__31bf3856ad364e35\mcplayerinterop.dll ()
MOD - C:\Windows\assembly\GAC_32\Mcx2Dvcs\6.0.6000.0__31bf3856ad364e35\Mcx2Dvcs.dll ()
MOD - C:\Windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll ()
MOD - C:\Windows\assembly\GAC_32\BDATunePIA\6.0.6000.0__31bf3856ad364e35\BDATunePIA.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions
[2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions
[2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [AuditVista]   File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE
[2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.01 19:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 18:16:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 18:16:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml
[2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 
========== Files Created - No Company Name ==========
 
[2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

< End of report >
         

01.03.2012, 20:57   #8
theda



hello markus,
i have now tried once more to carry out your instructions step by step, i.e.:
1. ran the otl scan
2. pasted the contents of otl.txt and extras.txt into the text box "custom scans/fixes"
3. closed all programs
4. ran the quick scan
5. after the quick scan finished, copied the contents of the otl.txt file in here
OTL Logfile:
Code:
OTL logfile created on: 01.03.2012 20:51:19 - Run 5
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,22% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585,42 Gb Total Space | 298,90 Gb Free Space | 51,06% Space Free | Partition Type: NTFS
 
Computer Name: THEDA | User Name: Theda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions
[2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions
[2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [AuditVista]   File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE
[2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml
[2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 
========== Files Created - No Company Name ==========
 
[2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2011.01.30 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\Cornelsen
[2010.03.21 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\GARMIN
[2011.05.13 18:51:03 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\NCH Swift Sound
[2011.11.07 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\OpenOffice.org
[2010.02.04 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\PaperPublisher
[2009.12.29 19:13:14 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\SmarThru4
[2012.03.01 17:15:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< OTL logfile created on: 01.03.2012 20:28:47 - Run 4 >
 
< OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads >
 
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.6001.19088) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free >
 
< 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS >
 
<   >
 
< Computer Name: THEDA | User Name: Theda | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user >
 
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools) >
 
< PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
 
< PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) >
 
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) >
 
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
 
< PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) >
 
< PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
 
< PRC - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) >
 
< PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
 
< PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
 
< PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
 
< PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) >
 
< PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) >
 
< PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) >
 
<   >
 
<   >
 
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]

 
<   >
 
< MOD - C:\Programme\Mozilla Firefox\mozjs.dll () >
 
< MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () >
 
< MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () >
 
< MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () >
 
< MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll () >
 
< MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () >
 
< MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () >
 
< MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () >
 
<   >
 
<   >
 
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) >
 
< SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) >
 
< SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
 
< SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) >
 
< SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) >
 
<   >
 
<   >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) >
 
< DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) >
 
< DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) >
 
< DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) >
 
< DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) >
 
< DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) >
 
< DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) >
 
< DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) >
 
< DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) >
 
< DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) >
 
< DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) >
 
< DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) >
 
< DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.) >
 
<   >
 
<   >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]

 
<   >
 
< IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) >
 
< IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
 
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} >
 
< IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 >
 
<   >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN >
Invalid Switch: ?ocid=iehp

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01  [binary data] >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 >
 
< IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
 
< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC >
 
< IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local >
 
<   >
 
< ========== FireFox ========== >
Invalid Switch: color]

 
<   >
 
< FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 >
 
< FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 >
 
<   >
 
<   >
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () >
Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found >
Invalid Switch: iTunes,version=:  File not found

 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () >
Invalid Switch: iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

 
< FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) >
Invalid Switch: GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

 
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) >
Invalid Switch: WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) >
Invalid Switch: nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) >
Invalid Switch: nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) >
Invalid Switch: nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) >
Invalid Switch: nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) >
Invalid Switch: nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found >
Invalid Switch: nsJSRealPlayerPlugin;version=:  File not found

 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 
<   >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M] >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter >
 
<   >
 
< [2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions >
 
< [2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions >
 
< [2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} >
 
< [2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} >
 
< [2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
 
< [2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >
 
< [2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll >
 
< [2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >
 
< [2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
 
< [2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >
 
< [2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >
 
< [2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >
 
< [2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >
 
<   >
 
< O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >
 
< O1 - Hosts: 127.0.0.1       localhost >
 
< O1 - Hosts: ::1             localhost >
 
< O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) >
 
< O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
 
< O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) >
 
< O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
 
< O4 - HKLM..\Run: [AuditVista]   File not found >
 
< O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
 
< O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) >
 
< O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) >
 
< O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) >
 
< O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
 
< O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
 
< O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) >
 
< O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) >
 
< O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) >
 
< O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) >
 
< O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
 
< O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) >
 
< O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () >
 
< O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () >
 
< O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () >
 
< O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () >
 
< O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () >
 
< O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () >
 
< O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm () >
 
< O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () >
 
< O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () >
 
< O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () >
 
< O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) >
 
< O13 - gopher Prefix: missing >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 >
 
< O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >
 
< O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG >
 
< O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
 
< O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe >
 
< O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe >
 
< O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe >
 
< O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) >
 
< O34 - HKLM BootExecute: (autocheck autochk *) >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
<   >
 
< ========== Files/Folders - Created Within 30 Days ========== >
 
<   >
 
< [2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE >
 
< [2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton >
 
<   >
 
< ========== Files - Modified Within 30 Days ========== >
 
<   >
 
< [2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >
 
< [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
 
< [2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys >
 
< [2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml >
 
< [2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk >
 
< [2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk >
 
< [2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll >
 
< [2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat >
 
< [2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat >
 
< [2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat >
 
< [2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat >
 
< [2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk >
 
< [2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >
 
<   >
 
< ========== Files Created - No Company Name ========== >
 
<   >
 
< [2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk >
 
< [2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk >
 
< [2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll >
 
< [2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini >
 
< [2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini >
 
< [2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini >
 
< [2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat >
 
<  >
 
< < End of report >
         

--- --- ---
>


<OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.03.2012 20:28:47 - Run 4 >
         
Code:
ATTFilter
 
< OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads >
 
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.6001.19088) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free >
 
< 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS >
 
<   >
 
< Computer Name: THEDA | User Name: Theda | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user >
 
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Extra Registry (SafeList) ========== >
 
<   >
 
<   >
 
< ========== File Associations ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
 
< .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) >
 
< .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) >
 
< .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) >
 
<   >
 
< [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] >
 
< .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
 
<   >
 
< ========== Shell Spawning ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
 
< batfile [open] -- "%1" %* >
 
< cmdfile [open] -- "%1" %* >
 
< comfile [open] -- "%1" %* >
 
< cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >
 
< exefile [open] -- "%1" %* >
 
< helpfile [open] -- Reg Error: Key error. >
 
< hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) >
 
< htmlfile [edit] -- Reg Error: Key error. >
 
< htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" >
 
< http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
 
< https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
 
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
 
< piffile [open] -- "%1" %* >
 
< regfile [merge] -- Reg Error: Key error. >
 
< scrfile [config] -- "%1" >
 
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
 
< scrfile [open] -- "%1" /S >
 
< txtfile [edit] -- Reg Error: Key error. >
 
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
 
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
 
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
< Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) >
 
< Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) >
 
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
<   >
 
< ========== Security Center Settings ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
 
< "cval" = 1 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
 
< "AntiVirusOverride" = 0 >
 
< "AntiSpywareOverride" = 0 >
 
< "FirewallOverride" = 0 >
 
< "VistaSp1" = Reg Error: Unknown registry data type -- File not found >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] >
 
<   >
 
< ========== Firewall Settings ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >
 
< "EnableFirewall" = 1 >
 
< "DisableNotifications" = 0 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >
 
< "EnableFirewall" = 1 >
 
< "DisableNotifications" = 0 >
 
< "DoNotAllowExceptions" = 0 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >
 
< "EnableFirewall" = 1 >
 
< "DisableNotifications" = 0 >
 
<   >
 
< ========== Authorized Applications List ========== >
 
<   >
 
<   >
 
< ========== Vista Active Open Ports Exception List ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{0D9B4809-3C10-48A0-86DD-A9D68C16158E}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{0FCE8EA4-5A54-4FC3-8A0D-8486C70E38D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{1C2613BF-DB3B-481B-824F-F444735F2065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{1DAF50E7-66FA-4EA6-92FA-01A757C3AAF2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{251EDEB5-2A39-43F8-A714-A493E70139C8}" = rport=2869 | protocol=6 | dir=out | app=system |  >
 
< "{272BB308-8136-4ACE-A25D-505C1736DAFF}" = rport=138 | protocol=17 | dir=out | app=system |  >
 
< "{2852C818-DBC1-4077-8BDB-339882BF9F0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |  >
 
< "{303BFC98-4B6E-4E7F-9EC8-18B6733318BA}" = lport=137 | protocol=17 | dir=in | app=system |  >
 
< "{3472435E-862A-4AD5-9817-C7E76C79327C}" = rport=139 | protocol=6 | dir=out | app=system |  >
 
< "{41EC8C7C-4EB6-4A36-BC3E-2AB7C49D6504}" = lport=139 | protocol=6 | dir=in | app=system |  >
 
< "{45D9225D-0869-4E61-A5AD-480FB8EBAD5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |  >
 
< "{4C73AA3E-46A1-4E60-A87E-E7C3591ACBE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{519048E3-E92D-4FE8-8E77-BC867E520AC7}" = lport=445 | protocol=6 | dir=in | app=system |  >
 
< "{622F7AD9-C9E6-4B06-AA3B-CF692E7E1F86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{70A0FE2F-1909-4D50-BFE6-EAC614C7F8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{70A6DC16-3F97-4BCF-AB07-5D24DB8B1CFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{743AF950-41D0-4D50-8CC0-46CC91F0426C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{7B2DA271-4E87-4919-8325-2CDEE87C5BF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{80C4FDC5-302B-47AC-9F64-74E851BCA6CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{9128684C-16A4-4119-8593-384A483943B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{9EC9ED5A-AD8C-4B96-B2C3-B9B89DCEEBEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |  >
 
< "{9F97E44F-97DD-4B80-8BCB-AFE19D338420}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |  >
 
< "{AF146322-4DE8-4397-927D-1D765C14E1F2}" = lport=138 | protocol=17 | dir=in | app=system |  >
 
< "{AF368118-676E-4635-B1B7-40773EB15B68}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{B31EF848-62D4-40B3-8C1D-FE6D5F8EFD07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{B71B8723-F33B-462B-8BD7-AC396ED055ED}" = lport=10243 | protocol=6 | dir=in | app=system |  >
 
< "{BB83EA0F-F607-424A-A5E2-0AC4809B1FBA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{BFF75083-C503-45D2-893B-DE712D2DF3C9}" = rport=10243 | protocol=6 | dir=out | app=system |  >
 
< "{C4E0D738-0F5B-43AE-B469-3A2339CF06E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{CB31EF3A-B696-468A-80F0-331149004040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{D2DC29FE-EEB7-48E0-8731-8EBDA4FE55C1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{DDAD6306-A4DF-42E1-AF64-791C8A8584BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{F3870119-316B-48F4-97EB-0E9BDF22AB6E}" = rport=445 | protocol=6 | dir=out | app=system |  >
 
< "{FC254C88-FBCB-4EB3-A89E-9F606968C41D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{FDE941C5-E23B-4E13-AE04-883A00B2D551}" = rport=137 | protocol=17 | dir=out | app=system |  >
 
<   >
 
< ========== Vista Active Application Exception List ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{05631F0B-25C3-4580-B273-A2A08B876E22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "{06F51380-D15C-44F9-9D6B-18B1021DF3B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{0B3FB531-88B5-4287-8A5D-A5B1A05C42A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{0CE85B40-803B-4934-8904-1AA3B46888BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |  >
 
< "{192E6FA6-04F6-4AD6-B000-D19E813DD0BF}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |  >
 
< "{1E513480-9351-4676-ACA8-E80A130AA559}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |  >
 
< "{25D975CA-CC61-428D-ACBC-404F144C4D35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |  >
 
< "{2843DD70-543B-48EC-8878-9BB8B7863478}" = protocol=6 | dir=out | app=system |  >
 
< "{2AEB4CB7-B090-4631-AAB9-C88CE37C87B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{33B7B956-0B56-4018-B4A4-D4EE7EF0A9EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |  >
 
< "{40ED6370-A2F9-4F2E-A90F-0C4FF9A46088}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{4811F408-21D1-4FE1-AE2D-11019AA78FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{4D567261-C083-4A49-9779-95C64FE14F65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "{552BEFFF-CBF9-4971-9F96-D1F318F34D4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{5DF15C1A-D3F2-4DC3-AA78-272986B255E9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{66EF07A6-FEC9-4AF1-9EF0-B83FCA3CD451}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |  >
 
< "{73EFEEB2-8950-423C-A3DC-223EA4B559B1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |  >
 
< "{92BDF649-6CAF-42DA-946A-3E7864120D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{96C46653-DAA7-4798-8203-70B5779F1429}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |  >
 
< "{97C617FA-8EEC-46A3-B673-ECDC06265611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{980E6C9E-DE66-44CC-81DA-9EFBE2AB0D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |  >
 
< "{A7520AED-B486-4BFA-8415-E161F53A9F6C}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |  >
 
< "{C06D0C95-BD82-4640-BE21-A03DFD8E40FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |  >
 
< "{CD598967-90BD-4632-B7F2-BC2F92D7075E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{CF17CA4C-2B5B-447A-BE89-4D25FD168797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{D143C24E-1151-417F-8271-9EBBC53F3B7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{D2ED002D-A4E2-4E3D-BA11-67CAD90311F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{D9C00D5A-7C1E-4197-A513-B54E43786F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "{E51726D7-5330-4692-AE75-78E00B16E72C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{EB667932-C450-4744-8957-2100F1A969E4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |  >
 
< "{F3B057A5-8579-46D7-A76F-7C085665057E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |  >
 
< "{FB5478A8-7728-4511-B993-1BE59E295921}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "TCP Query User{1B64E226-5666-49AC-BAF2-CD088E3BFA95}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |  >
 
< "TCP Query User{49D2679C-2B27-4BF0-B39C-778560886E67}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |  >
 
< "UDP Query User{3E36E3EE-7D92-49E1-8FE3-B78414241794}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |  >
 
< "UDP Query User{460AC53A-917A-45FF-91DC-91B7D605C356}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |  >
 
<   >
 
< ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
< "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 >
 
< "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium >
 
< "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu >
 
< "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office >
 
< "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 >
 
< "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin >
 
< "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate >
 
< "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >
 
< "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime >
 
< "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 >
 
< "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 >
 
< "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 >
 
< "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card >
 
< "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup >
 
< "{394C4F1B-8C88-404C-B644-58203570EEDB}" = MainConcept MPEG2 Software Encoder >
 
< "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile >
 
< "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 >
 
< "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 >
 
< "{461A4763-28B5-425A-AE3D-B9B54EDF0F21}" = CIB pdf brewer >
 
< "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater >
 
< "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software  1.14.19.1 >
 
< "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 >
 
< "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml >
 
< "{5F6A846C-1CBA-407F-839C-DC0204547F13}" = EuroRoute 2008 >
 
< "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers >
 
< "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update >
 
< "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime >
 
< "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec >
 
< "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour >
 
< "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 >
 
< "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 >
 
< "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE >
 
< "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable >
 
< "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 >
 
< "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >
 
< "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch >
 
< "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 >
 
< "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy >
 
< "{CE20056B-01FD-4AC1-BC39-8138CA301031}" = Nero 8 Essentials >
 
< "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 >
 
< "{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner >
 
< "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional >
 
< "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade >
 
< "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support >
 
< "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 >
 
< "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver >
 
< "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager >
 
< "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes >
 
< "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
 
< "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 >
 
< "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) >
 
< "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX >
 
< "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin >
 
< "Audiograbber" = Audiograbber 1.83 SE  >
 
< "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus >
 
< "C2F5DF4DBA55AD4D004E4EDA0406903C1643F8E0" = Windows-Treiberpaket - PEGATRON GROUP (NxpCap) MEDIA  (09/22/2008 1.0.5.25) >
 
< "Catan - Staedte und Ritter" = Catan - Städte und Ritter >
 
< "Chipgames Kartenspiele" = Chipgames Kartenspiele >
 
< "conduitEngine" = Conduit Engine >
 
< "Google Chrome" = Google Chrome >
 
< "LIDL Fotoservice_is1" = LIDL Fotoservice >
 
< "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU >
 
< "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 >
 
< "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile >
 
< "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
 
< "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) >
 
< "NCH_DE Toolbar" = NCH DE Toolbar >
 
< "NVIDIA Drivers" = NVIDIA Drivers >
 
< "RealPlayer 12.0" = RealPlayer >
 
< "Samsung CLX-3170 Series" = Samsung CLX-3170 Series >
 
< "SmarThru PC Fax" = SmarThru PC Fax >
 
< "Switch" = Switch Audiodatei-Konverter >
 
< "Werkstatt Geschichte 2" = Werkstatt Geschichte 2 >
 
< "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 >
 
< "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 >
 
<   >
 
< ========== HKEY_CURRENT_USER Uninstall List ========== >
 
<   >
 
< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
<   >
 
< ========== Last 10 Event Log Errors ========== >
 
<   >
 
< [ Application Events ] >
 
< Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 09.02.2011 12:06:34 | Computer Name = Theda | Source = Application Error | ID = 1000 >
 
< Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, >
 
<  fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode >
 
<  0xc0000005, Fehleroffset 0x00003b7f,  Prozess-ID 0xfc4, Anwendungsstartzeit 01cbc8729ce0e1a0. >
 
<   >
 
< Error - 10.02.2011 11:26:25 | Computer Name = Theda | Source = WinMgmt | ID = 10 >
 
< Description =  >
 
<   >
 
< Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 10.02.2011 14:01:21 | Computer Name = Theda | Source = Application Error | ID = 1000 >
 
< Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, >
 
<  fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode >
 
<  0xc0000005, Fehleroffset 0x00003b7f,  Prozess-ID 0xb3c, Anwendungsstartzeit 01cbc936f8d2b969. >
 
<   >
 
< Error - 11.02.2011 05:22:18 | Computer Name = Theda | Source = WinMgmt | ID = 10 >
 
< Description =  >
 
<   >
 
< Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< [ Media Center Events ] >
 
< Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (4956.1128) >
 
<   >
 
< Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (4956.1129) >
 
<   >
 
< Error - 08.12.2010 12:22:31 | Computer Name = Theda | Source = ehRecvr | ID = 3 >
 
< Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA >
 
<  Analog TV Tuner >
 
<   >
 
< Error - 08.12.2010 12:23:37 | Computer Name = Theda | Source = ehRecvr | ID = 3 >
 
< Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA >
 
<  Analog TV Tuner >
 
<   >
 
< Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) >
 
<   >
 
< Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (1408.1129) >
 
<   >
 
< Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) >
 
<   >
 
< Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (1408.1129) >
 
<   >
 
< Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (5520.1128) >
 
<   >
 
< Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (5520.1129) >
 
<   >
 
< [ System Events ] >
 
< Error - 01.03.2012 10:59:31 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = HTTP | ID = 15016 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = Microsoft-Windows-TaskScheduler | ID = 412 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 15:05:34 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
 
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
 
<   >
 
< Error - 01.03.2012 15:13:10 | Computer Name = Theda | Source = PlugPlayManager | ID = 11 >
 
< Description = Das Gerät "Root\LEGACY_SMR250\0000" wurde ohne vorbereitende Maßnahmen >
 
<  vom System entfernt. >
 
<   >
 
< Error - 01.03.2012 15:13:22 | Computer Name = Theda | Source = ipnathlp | ID = 31004 >
 
< Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet >
 
<  werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner  >
 
< Fehler ist im Speicher-Manager aufgetreten. >
 
<   >
 
< Error - 01.03.2012 15:20:10 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
 
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
 
<   >
 
< Error - 01.03.2012 15:32:18 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
 
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
 
<   >
 
<   >
 
< < End of report >
         

--- --- ---
>


< End of report >

01.03.2012, 21:00   #9
theda

BKA trojan on the PC or not?



Hello Markus,
I have now tried once more to carry out your instructions step by step, i.e.:
1. ran the OTL scan
2. pasted the contents of otl.txt and extras.txt into the "custom scans/fixes" text box
3. closed all programs
4. ran the quick scan
5. after the quick scan finished, copied the contents of the otl.txt file in here
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.03.2012 20:51:19 - Run 5
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,22% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585,42 Gb Total Space | 298,90 Gb Free Space | 51,06% Space Free | Partition Type: NTFS
 
Computer Name: THEDA | User Name: Theda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions
[2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions
[2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [AuditVista]   File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE
[2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml
[2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 
========== Files Created - No Company Name ==========
 
[2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2011.01.30 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\Cornelsen
[2010.03.21 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\GARMIN
[2011.05.13 18:51:03 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\NCH Swift Sound
[2011.11.07 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\OpenOffice.org
[2010.02.04 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\PaperPublisher
[2009.12.29 19:13:14 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\SmarThru4
[2012.03.01 17:15:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< OTL logfile created on: 01.03.2012 20:28:47 - Run 4 >
 
< OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads >
 
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.6001.19088) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free >
 
< 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS >
 
<   >
 
< Computer Name: THEDA | User Name: Theda | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user >
 
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools) >
 
< PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
 
< PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) >
 
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) >
 
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) >
 
< PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
 
< PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) >
 
< PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
 
< PRC - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) >
 
< PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
 
< PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
 
< PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
 
< PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) >
 
< PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) >
 
< PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) >
 
<   >
 
<   >
 
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]

 
<   >
 
< MOD - C:\Programme\Mozilla Firefox\mozjs.dll () >
 
< MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () >
 
< MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () >
 
< MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () >
 
< MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () >
 
< MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU () >
 
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll () >
 
< MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () >
 
< MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () >
 
< MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () >
 
<   >
 
<   >
 
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) >
 
< SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) >
 
< SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
 
< SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) >
 
< SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) >
 
<   >
 
<   >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
< DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) >
 
< DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) >
 
< DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) >
 
< DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) >
 
< DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) >
 
< DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) >
 
< DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) >
 
< DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) >
 
< DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) >
 
< DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) >
 
< DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) >
 
< DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) >
 
< DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.) >
 
<   >
 
<   >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]

 
<   >
 
<   >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]

 
<   >
 
< IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) >
 
< IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
 
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} >
 
< IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 >
 
<   >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN >
Invalid Switch: ?ocid=iehp

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01  [binary data] >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 >
 
< IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
 
< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC >
 
< IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local >
 
<   >
 
< ========== FireFox ========== >
Invalid Switch: color]

 
<   >
 
< FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 >
 
< FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 >
 
<   >
 
<   >
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () >
Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found >
Invalid Switch: iTunes,version=:  File not found

 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () >
Invalid Switch: iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

 
< FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) >
Invalid Switch: GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

 
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) >
Invalid Switch: WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 
< FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) >
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) >
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) >
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) >
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) >
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found >
 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) >
 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) >
 
<   >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M] >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter >
 
<   >
 
< [2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions >
 
< [2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions >
 
< [2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} >
 
< [2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} >
 
< [2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
 
< [2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >
 
< [2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll >
 
< [2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >
 
< [2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
 
< [2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >
 
< [2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >
 
< [2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >
 
< [2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >
 
<   >
 
< O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >
 
< O1 - Hosts: 127.0.0.1       localhost >
 
< O1 - Hosts: ::1             localhost >
 
< O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) >
 
< O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
 
< O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) >
 
< O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
 
< O4 - HKLM..\Run: [AuditVista]   File not found >
 
< O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
 
< O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) >
 
< O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) >
 
< O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) >
 
< O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
 
< O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
 
< O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) >
 
< O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) >
 
< O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) >
 
< O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) >
 
< O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
 
< O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) >
 
< O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () >
 
< O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () >
 
< O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () >
 
< O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () >
 
< O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () >
 
< O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () >
 
< O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm () >
 
< O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () >
 
< O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () >
 
< O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () >
 
< O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
 
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) >
 
< O13 - gopher Prefix: missing >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 >
 
< O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >
 
< O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG >
 
< O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
 
< O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe >
 
< O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe >
 
< O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe >
 
< O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) >
 
< O34 - HKLM BootExecute: (autocheck autochk *) >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
<   >
 
< ========== Files/Folders - Created Within 30 Days ========== >
 
<   >
 
< [2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE >
 
< [2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton >
 
<   >
 
< ========== Files - Modified Within 30 Days ========== >
 
<   >
 
< [2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >
 
< [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
 
< [2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys >
 
< [2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml >
 
< [2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk >
 
< [2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk >
 
< [2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll >
 
< [2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat >
 
< [2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat >
 
< [2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat >
 
< [2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat >
 
< [2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk >
 
< [2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >
 
<   >
 
< ========== Files Created - No Company Name ========== >
 
<   >
 
< [2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk >
 
< [2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk >
 
< [2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll >
 
< [2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini >
 
< [2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini >
 
< [2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini >
 
< [2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat >
 
<  >
 
< < End of report >
         

--- --- ---
>


<OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.03.2012 20:28:47 - Run 4 >
         
 
< OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Theda\Downloads >
 
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.6001.19088) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free >
 
< 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS >
 
<   >
 
< Computer Name: THEDA | User Name: Theda | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user >
 
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Extra Registry (SafeList) ========== >
 
<   >
 
<   >
 
< ========== File Associations ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
 
< .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) >
 
< .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) >
 
< .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) >
 
<   >
 
< [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] >
 
< .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
 
<   >
 
< ========== Shell Spawning ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
 
< batfile [open] -- "%1" %* >
 
< cmdfile [open] -- "%1" %* >
 
< comfile [open] -- "%1" %* >
 
< cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >
 
< exefile [open] -- "%1" %* >
 
< helpfile [open] -- Reg Error: Key error. >
 
< hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) >
 
< htmlfile [edit] -- Reg Error: Key error. >
 
< htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" >
 
< http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
 
< https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
 
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
 
< piffile [open] -- "%1" %* >
 
< regfile [merge] -- Reg Error: Key error. >
 
< scrfile [config] -- "%1" >
 
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
 
< scrfile [open] -- "%1" /S >
 
< txtfile [edit] -- Reg Error: Key error. >
 
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
 
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
 
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
< Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) >
 
< Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) >
 
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
<   >
 
< ========== Security Center Settings ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
 
< "cval" = 1 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
 
< "AntiVirusOverride" = 0 >
 
< "AntiSpywareOverride" = 0 >
 
< "FirewallOverride" = 0 >
 
< "VistaSp1" = Reg Error: Unknown registry data type -- File not found >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] >
 
<   >
 
< ========== Firewall Settings ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >
 
< "EnableFirewall" = 1 >
 
< "DisableNotifications" = 0 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >
 
< "EnableFirewall" = 1 >
 
< "DisableNotifications" = 0 >
 
< "DoNotAllowExceptions" = 0 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >
 
< "EnableFirewall" = 1 >
 
< "DisableNotifications" = 0 >
 
<   >
 
< ========== Authorized Applications List ========== >
 
<   >
 
<   >
 
< ========== Vista Active Open Ports Exception List ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{0D9B4809-3C10-48A0-86DD-A9D68C16158E}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{0FCE8EA4-5A54-4FC3-8A0D-8486C70E38D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{1C2613BF-DB3B-481B-824F-F444735F2065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{1DAF50E7-66FA-4EA6-92FA-01A757C3AAF2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{251EDEB5-2A39-43F8-A714-A493E70139C8}" = rport=2869 | protocol=6 | dir=out | app=system |  >
 
< "{272BB308-8136-4ACE-A25D-505C1736DAFF}" = rport=138 | protocol=17 | dir=out | app=system |  >
 
< "{2852C818-DBC1-4077-8BDB-339882BF9F0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |  >
 
< "{303BFC98-4B6E-4E7F-9EC8-18B6733318BA}" = lport=137 | protocol=17 | dir=in | app=system |  >
 
< "{3472435E-862A-4AD5-9817-C7E76C79327C}" = rport=139 | protocol=6 | dir=out | app=system |  >
 
< "{41EC8C7C-4EB6-4A36-BC3E-2AB7C49D6504}" = lport=139 | protocol=6 | dir=in | app=system |  >
 
< "{45D9225D-0869-4E61-A5AD-480FB8EBAD5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |  >
 
< "{4C73AA3E-46A1-4E60-A87E-E7C3591ACBE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{519048E3-E92D-4FE8-8E77-BC867E520AC7}" = lport=445 | protocol=6 | dir=in | app=system |  >
 
< "{622F7AD9-C9E6-4B06-AA3B-CF692E7E1F86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{70A0FE2F-1909-4D50-BFE6-EAC614C7F8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{70A6DC16-3F97-4BCF-AB07-5D24DB8B1CFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{743AF950-41D0-4D50-8CC0-46CC91F0426C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{7B2DA271-4E87-4919-8325-2CDEE87C5BF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{80C4FDC5-302B-47AC-9F64-74E851BCA6CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{9128684C-16A4-4119-8593-384A483943B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{9EC9ED5A-AD8C-4B96-B2C3-B9B89DCEEBEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |  >
 
< "{9F97E44F-97DD-4B80-8BCB-AFE19D338420}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |  >
 
< "{AF146322-4DE8-4397-927D-1D765C14E1F2}" = lport=138 | protocol=17 | dir=in | app=system |  >
 
< "{AF368118-676E-4635-B1B7-40773EB15B68}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{B31EF848-62D4-40B3-8C1D-FE6D5F8EFD07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{B71B8723-F33B-462B-8BD7-AC396ED055ED}" = lport=10243 | protocol=6 | dir=in | app=system |  >
 
< "{BB83EA0F-F607-424A-A5E2-0AC4809B1FBA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{BFF75083-C503-45D2-893B-DE712D2DF3C9}" = rport=10243 | protocol=6 | dir=out | app=system |  >
 
< "{C4E0D738-0F5B-43AE-B469-3A2339CF06E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{CB31EF3A-B696-468A-80F0-331149004040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{D2DC29FE-EEB7-48E0-8731-8EBDA4FE55C1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{DDAD6306-A4DF-42E1-AF64-791C8A8584BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{F3870119-316B-48F4-97EB-0E9BDF22AB6E}" = rport=445 | protocol=6 | dir=out | app=system |  >
 
< "{FC254C88-FBCB-4EB3-A89E-9F606968C41D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{FDE941C5-E23B-4E13-AE04-883A00B2D551}" = rport=137 | protocol=17 | dir=out | app=system |  >
 
<   >
 
< ========== Vista Active Application Exception List ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{05631F0B-25C3-4580-B273-A2A08B876E22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "{06F51380-D15C-44F9-9D6B-18B1021DF3B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{0B3FB531-88B5-4287-8A5D-A5B1A05C42A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{0CE85B40-803B-4934-8904-1AA3B46888BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |  >
 
< "{192E6FA6-04F6-4AD6-B000-D19E813DD0BF}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |  >
 
< "{1E513480-9351-4676-ACA8-E80A130AA559}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |  >
 
< "{25D975CA-CC61-428D-ACBC-404F144C4D35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |  >
 
< "{2843DD70-543B-48EC-8878-9BB8B7863478}" = protocol=6 | dir=out | app=system |  >
 
< "{2AEB4CB7-B090-4631-AAB9-C88CE37C87B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{33B7B956-0B56-4018-B4A4-D4EE7EF0A9EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |  >
 
< "{40ED6370-A2F9-4F2E-A90F-0C4FF9A46088}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{4811F408-21D1-4FE1-AE2D-11019AA78FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{4D567261-C083-4A49-9779-95C64FE14F65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "{552BEFFF-CBF9-4971-9F96-D1F318F34D4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{5DF15C1A-D3F2-4DC3-AA78-272986B255E9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{66EF07A6-FEC9-4AF1-9EF0-B83FCA3CD451}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |  >
 
< "{73EFEEB2-8950-423C-A3DC-223EA4B559B1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |  >
 
< "{92BDF649-6CAF-42DA-946A-3E7864120D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{96C46653-DAA7-4798-8203-70B5779F1429}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |  >
 
< "{97C617FA-8EEC-46A3-B673-ECDC06265611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{980E6C9E-DE66-44CC-81DA-9EFBE2AB0D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |  >
 
< "{A7520AED-B486-4BFA-8415-E161F53A9F6C}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |  >
 
< "{C06D0C95-BD82-4640-BE21-A03DFD8E40FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |  >
 
< "{CD598967-90BD-4632-B7F2-BC2F92D7075E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{CF17CA4C-2B5B-447A-BE89-4D25FD168797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{D143C24E-1151-417F-8271-9EBBC53F3B7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{D2ED002D-A4E2-4E3D-BA11-67CAD90311F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{D9C00D5A-7C1E-4197-A513-B54E43786F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "{E51726D7-5330-4692-AE75-78E00B16E72C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{EB667932-C450-4744-8957-2100F1A969E4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |  >
 
< "{F3B057A5-8579-46D7-A76F-7C085665057E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |  >
 
< "{FB5478A8-7728-4511-B993-1BE59E295921}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |  >
 
< "TCP Query User{1B64E226-5666-49AC-BAF2-CD088E3BFA95}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |  >
 
< "TCP Query User{49D2679C-2B27-4BF0-B39C-778560886E67}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |  >
 
< "UDP Query User{3E36E3EE-7D92-49E1-8FE3-B78414241794}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |  >
 
< "UDP Query User{460AC53A-917A-45FF-91DC-91B7D605C356}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |  >
 
<   >
 
< ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
< "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 >
 
< "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium >
 
< "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu >
 
< "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office >
 
< "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 >
 
< "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin >
 
< "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate >
 
< "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >
 
< "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime >
 
< "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 >
 
< "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 >
 
< "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 >
 
< "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card >
 
< "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup >
 
< "{394C4F1B-8C88-404C-B644-58203570EEDB}" = MainConcept MPEG2 Software Encoder >
 
< "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile >
 
< "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 >
 
< "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 >
 
< "{461A4763-28B5-425A-AE3D-B9B54EDF0F21}" = CIB pdf brewer >
 
< "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater >
 
< "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software  1.14.19.1 >
 
< "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 >
 
< "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml >
 
< "{5F6A846C-1CBA-407F-839C-DC0204547F13}" = EuroRoute 2008 >
 
< "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers >
 
< "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update >
 
< "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime >
 
< "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec >
 
< "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour >
 
< "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 >
 
< "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 >
 
< "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE >
 
< "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable >
 
< "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 >
 
< "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >
 
< "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch >
 
< "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 >
 
< "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy >
 
< "{CE20056B-01FD-4AC1-BC39-8138CA301031}" = Nero 8 Essentials >
 
< "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 >
 
< "{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner >
 
< "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional >
 
< "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade >
 
< "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support >
 
< "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 >
 
< "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver >
 
< "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager >
 
< "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes >
 
< "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
 
< "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 >
 
< "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) >
 
< "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX >
 
< "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin >
 
< "Audiograbber" = Audiograbber 1.83 SE  >
 
< "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus >
 
< "C2F5DF4DBA55AD4D004E4EDA0406903C1643F8E0" = Windows-Treiberpaket - PEGATRON GROUP (NxpCap) MEDIA  (09/22/2008 1.0.5.25) >
 
< "Catan - Staedte und Ritter" = Catan - Städte und Ritter >
 
< "Chipgames Kartenspiele" = Chipgames Kartenspiele >
 
< "conduitEngine" = Conduit Engine >
 
< "Google Chrome" = Google Chrome >
 
< "LIDL Fotoservice_is1" = LIDL Fotoservice >
 
< "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU >
 
< "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 >
 
< "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile >
 
< "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
 
< "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) >
 
< "NCH_DE Toolbar" = NCH DE Toolbar >
 
< "NVIDIA Drivers" = NVIDIA Drivers >
 
< "RealPlayer 12.0" = RealPlayer >
 
< "Samsung CLX-3170 Series" = Samsung CLX-3170 Series >
 
< "SmarThru PC Fax" = SmarThru PC Fax >
 
< "Switch" = Switch Audiodatei-Konverter >
 
< "Werkstatt Geschichte 2" = Werkstatt Geschichte 2 >
 
< "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 >
 
< "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 >
 
<   >
 
< ========== HKEY_CURRENT_USER Uninstall List ========== >
Invalid Switch: color]

 
<   >
 
< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
<   >
 
< ========== Last 10 Event Log Errors ========== >
Invalid Switch: color]

 
<   >
 
< [ Application Events ] >
 
< Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 09.02.2011 12:06:34 | Computer Name = Theda | Source = Application Error | ID = 1000 >
 
< Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, >
 
<  fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode >
 
<  0xc0000005, Fehleroffset 0x00003b7f,  Prozess-ID 0xfc4, Anwendungsstartzeit 01cbc8729ce0e1a0. >
 
<   >
 
< Error - 10.02.2011 11:26:25 | Computer Name = Theda | Source = WinMgmt | ID = 10 >
 
< Description =  >
 
<   >
 
< Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 10.02.2011 14:01:21 | Computer Name = Theda | Source = Application Error | ID = 1000 >
 
< Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, >
 
<  fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode >
 
<  0xc0000005, Fehleroffset 0x00003b7f,  Prozess-ID 0xb3c, Anwendungsstartzeit 01cbc936f8d2b969. >
 
<   >
 
< Error - 11.02.2011 05:22:18 | Computer Name = Theda | Source = WinMgmt | ID = 10 >
 
< Description =  >
 
<   >
 
< Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
 
< Description =  >
 
<   >
 
< [ Media Center Events ] >
 
< Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (4956.1128) >
 
<   >
 
< Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (4956.1129) >
 
<   >
 
< Error - 08.12.2010 12:22:31 | Computer Name = Theda | Source = ehRecvr | ID = 3 >
 
< Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA >
 
<  Analog TV Tuner >
 
<   >
 
< Error - 08.12.2010 12:23:37 | Computer Name = Theda | Source = ehRecvr | ID = 3 >
 
< Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA >
 
<  Analog TV Tuner >
 
<   >
 
< Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) >
 
<   >
 
< Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (1408.1129) >
 
<   >
 
< Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) >
 
<   >
 
< Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (1408.1129) >
 
<   >
 
< Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description = Fehler beim Herstellen der Internetverbindung. (5520.1128) >
 
<   >
 
< Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
 
< Description =     Serververbindung konnte nicht hergestellt werden.. (5520.1129) >
 
<   >
 
< [ System Events ] >
 
< Error - 01.03.2012 10:59:31 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = HTTP | ID = 15016 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = Microsoft-Windows-TaskScheduler | ID = 412 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
 
< Description =  >
 
<   >
 
< Error - 01.03.2012 15:05:34 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
 
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
 
<   >
 
< Error - 01.03.2012 15:13:10 | Computer Name = Theda | Source = PlugPlayManager | ID = 11 >
 
< Description = Das Gerät "Root\LEGACY_SMR250\0000" wurde ohne vorbereitende Maßnahmen >
 
<  vom System entfernt. >
 
<   >
 
< Error - 01.03.2012 15:13:22 | Computer Name = Theda | Source = ipnathlp | ID = 31004 >
 
< Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet >
 
<  werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner  >
 
< Fehler ist im Speicher-Manager aufgetreten. >
 
<   >
 
< Error - 01.03.2012 15:20:10 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
 
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
 
<   >
 
< Error - 01.03.2012 15:32:18 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
 
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
 
<   >
 
<   >
 
< End of report >

Alt 02.03.2012, 13:20   #10
markusg
/// Malware-holic
 
Please go ahead and continue with ComboFix anyway.