GMX Abuse meldet mir Infizierung mit Virus "Zeus"

Costanzo · 29.04.2013, 15:57

Also, da kam nur die eine Datei:

Code:

ATTFilter

OTL logfile created on: 4/29/2013 6:49:29 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 201.52 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] --  -- (HidServ)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/02 08:32:22 | 000,289,048 | ---- | M] (Norman ASA) [On_Demand] -- C:\Programme\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2013/03/13 08:09:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/14 06:31:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/04 07:07:46 | 000,133,744 | ---- | M] (Norman ASA) [On_Demand] -- C:\Programme\Norman\Npm\Bin\zfr.exe -- (NormanZfr)
SRV - [2011/05/16 02:28:03 | 000,196,608 | ---- | M] (Norman ASA) [On_Demand] -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2011/04/12 07:14:42 | 000,100,336 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2011/04/12 07:11:16 | 000,427,888 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2011/04/11 05:57:23 | 000,112,424 | ---- | M] () [On_Demand] -- C:\Programme\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2011/04/11 04:38:22 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand] -- C:\Programme\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2011/04/08 03:21:34 | 000,075,104 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6)
SRV - [2010/12/03 05:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Disabled] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/07/29 08:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/08/07 04:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/19 05:55:54 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (TetaSCDevice)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (FTD2XX)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 10:01:42 | 000,031,632 | ---- | M] (Norman ASA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2011/02/11 06:49:01 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto] -- C:\Programme\Norman\Nse\Bin\ndiskio.sys -- (Ndiskio)
DRV - [2011/02/11 06:39:43 | 000,050,576 | ---- | M] (Norman ASA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nnetsec.sys -- (nnetsec)
DRV - [2011/02/11 06:39:43 | 000,029,968 | ---- | M] (Norman ASA) [Kernel | On_Demand] -- C:\Programme\Norman\Ngs\Bin\nnetsecc.sys -- (NNetSecC)
DRV - [2011/01/19 11:15:25 | 000,060,552 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/12/13 04:25:02 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System] -- C:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/12/03 05:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2008/06/23 03:03:52 | 000,020,352 | R--- | M] (OEM(CI)) [Kernel | System] -- C:\WINDOWS\system32\drivers\glvsp.sys -- (VirtualCom)
DRV - [2008/04/24 10:36:42 | 000,060,268 | ---- | M] (Moxa Technologies Co., Ltd. ) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npdrv.sys -- (npdrv)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/07 23:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/07 23:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/07 23:20:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/07 23:20:00 | 000,026,044 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/07 23:20:00 | 000,015,068 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/07 23:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/07 23:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2006/07/04 15:29:18 | 004,306,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/22 13:37:18 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 02:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 02:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/02/28 05:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2005/01/07 11:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/02/13 09:33:12 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [1997/09/10 03:15:00 | 000,055,296 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS -- (SSIPDDP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\administrator.UNITONAG_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\administrator.UNITONAG_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\elsaesser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\elsaesser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\laudan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\laudan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\loeliger_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\loeliger_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\Rohner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\Rohner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\traxler_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\traxler_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\werkcad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\werkcad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/01 04:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/01/14 06:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/02/25 02:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013/02/01 04:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013/02/25 02:47:19 | 000,000,000 | ---D | M]
 
[2013/01/14 06:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/01/14 06:31:59 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2013/02/01 04:07:55 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2013/01/14 06:31:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/14 06:31:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013/01/14 06:31:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/14 06:31:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/14 06:31:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/14 06:31:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/04/25 07:41:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\npm\bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\administrator.UNITONAG_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\Administrator_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\elsaesser_ON_C..\Run: [Zoubyd] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe ()
O4 - HKU\laudan_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\Rohner_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\traxler_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\Rohner\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.UNITONAG_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\elsaesser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\laudan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\loeliger_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rohner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\traxler_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\werkcad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UNITONAG.intra
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/29 11:27:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013/04/29 11:27:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WINDOWS
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\html
[2013/04/29 02:20:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/29 02:20:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013/04/29 02:04:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Malwarebytes
[2013/04/29 02:03:24 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/26 10:25:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\tdsskiller.exe
[2013/04/26 10:24:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\aswMBR.exe
[2013/04/26 05:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/26 05:14:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/26 05:12:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe
[2013/04/26 05:11:35 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe
[2013/04/26 02:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2013/04/26 02:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2013/04/25 07:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/25 07:33:26 | 000,000,000 | ---D | C] -- C:\cmdcons
[2013/04/25 07:18:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/25 07:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/04/24 02:05:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013/04/22 09:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/29 11:38:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/29 11:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013/04/29 11:19:08 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
[2013/04/29 11:10:08 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013/04/29 10:08:56 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013/04/29 09:48:40 | 000,502,814 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/04/29 09:48:40 | 000,484,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/29 09:48:40 | 000,101,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/04/29 09:48:40 | 000,087,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/29 09:31:58 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/29 09:09:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/29 09:04:11 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 08:09:45 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013/04/29 02:20:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/29 02:03:41 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/29 01:54:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/26 10:51:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\MBR.dat
[2013/04/26 10:25:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\aswMBR.exe
[2013/04/26 10:25:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\tdsskiller.exe
[2013/04/26 05:29:02 | 000,018,642 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2013/04/26 05:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe
[2013/04/26 05:12:29 | 000,619,461 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
[2013/04/26 05:11:36 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe
[2013/04/26 03:51:50 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml
[2013/04/25 07:41:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/24 04:10:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable
[2013/04/22 12:11:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job
[2013/04/22 12:09:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job
[2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/29 02:20:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/26 10:51:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\MBR.dat
[2013/04/26 05:12:29 | 000,619,461 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
[2013/04/26 03:51:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml
[2013/04/25 07:33:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/04/25 07:33:29 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013/04/24 04:10:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable
[2013/04/22 12:09:01 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
[2013/04/22 12:09:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job
[2013/04/22 12:09:00 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job
[2013/04/22 09:24:58 | 045,407,693 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2.zip
[2011/09/14 10:45:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011/09/14 06:36:39 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\loeliger\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/06/24 08:03:34 | 000,002,164 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\.recently-used.xbel
[2011/05/12 10:12:19 | 000,000,236 | ---- | C] () -- C:\WINDOWS\DsmDwnld.INI
[2011/05/12 10:08:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DSMProgrammer.INI
[2011/05/12 07:20:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\C63.INI
[2010/02/17 08:22:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\RSMTRA~1.INI
[2009/11/05 07:54:30 | 000,127,023 | ---- | C] () -- C:\WINDOWS\c96unins.exe
[2009/11/04 03:39:24 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/11/04 03:39:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009/06/26 08:53:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Remote.INI
[2009/06/26 08:03:09 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\dsci.dll
[2009/04/24 03:09:01 | 000,018,642 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2009/02/26 11:01:58 | 000,019,938 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\MPS Icon 24x24 bis 128x128#.2009_02_26_16_01_58.1
[2009/02/26 11:01:58 | 000,014,466 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Neues Dokument 1.2009_02_26_16_01_58.0
[2009/02/07 08:17:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\laudan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/01/29 03:32:56 | 000,000,272 | ---- | C] () -- C:\WINDOWS\PSUeng.INI
[2009/01/22 11:01:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\RSM.INI
[2009/01/21 12:29:48 | 000,191,440 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008/12/17 03:47:30 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 04:07:20 | 000,179,545 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\debuggee.mdmp
[2008/12/04 08:26:18 | 000,000,272 | ---- | C] () -- C:\WINDOWS\PSU.INI
[2008/09/29 02:34:27 | 000,000,623 | ---- | C] () -- C:\WINDOWS\System32\hppapr10.dat
[2008/08/21 03:59:18 | 000,000,586 | ---- | C] () -- C:\WINDOWS\Zentrale.INI
[2008/08/18 09:55:52 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2008/05/28 07:08:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/05/28 07:08:56 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/05/28 07:08:56 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/05/28 05:48:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/05/28 02:30:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008/05/16 03:31:36 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/15 09:11:03 | 000,000,332 | ---- | C] () -- C:\WINDOWS\TAD Programmer.INI
[2008/05/14 11:12:39 | 000,000,600 | ---- | C] () -- C:\WINDOWS\DSM.INI
[2008/05/14 11:06:36 | 000,212,992 | R--- | C] () -- C:\WINDOWS\System32\NmUninst.exe
[2008/05/14 10:13:49 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MCUTOOLS.INI
[2008/05/14 10:13:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\MDSELIB.INI
[2008/05/14 09:59:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/05/14 09:59:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2008/05/14 09:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/05/14 09:59:17 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2008/05/14 09:59:13 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/05/14 09:58:06 | 000,017,649 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/05/08 06:37:08 | 000,001,544 | ---- | C] () -- C:\WINDOWS\CSPY.INI
[2008/05/08 04:22:12 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIPDDP.SYS
[2008/05/08 04:22:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\SSIVDDP.DLL
[2008/05/08 04:22:12 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIDDDP.SYS
[2008/05/08 04:13:07 | 000,000,916 | ---- | C] () -- C:\WINDOWS\IAREW.INI
[2008/05/08 03:28:27 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 09:12:19 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\traxler\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 08:12:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Rohner\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 07:25:44 | 000,000,318 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2008/05/06 05:38:55 | 000,000,922 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 05:32:20 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2008/05/06 05:16:14 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/06 02:26:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/06 02:18:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\werkcad\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 02:00:23 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator.UNITONAG\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/05 04:30:51 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/05 04:30:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/05/05 04:25:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/05/05 04:24:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/05/05 04:24:56 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/05/05 04:24:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/05/05 04:24:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/05 04:16:35 | 000,000,814 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/04 20:02:06 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/04 19:49:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/04 19:44:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/05/04 19:44:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/05/04 19:38:10 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/06/28 09:06:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2007/04/23 16:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/16 10:20:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/04 23:53:24 | 000,502,814 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/05/04 23:53:24 | 000,484,210 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/04 23:53:24 | 000,101,392 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/05/04 23:53:24 | 000,087,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/04 23:49:18 | 000,231,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/04 23:41:54 | 000,004,348 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/04 23:37:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:57:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 14:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/18 07:09:40 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 07:09:40 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1997/09/03 18:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/09/03 18:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/09/03 18:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/09/03 18:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/09/03 18:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/03 18:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1997/09/03 18:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2008/10/15 10:42:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\aicon
[2013/04/24 08:44:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Arupz
[2008/09/09 10:40:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Axialis
[2009/09/02 11:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\CursorArts
[2011/06/24 08:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\gtk-2.0
[2008/09/26 04:48:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Inkscape
[2008/05/28 05:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\InterTrust
[2008/06/11 09:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Leadertech
[2009/09/02 11:04:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Music Editor Free
[2013/04/29 11:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev
[2011/02/24 08:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\OpenOffice.org
[2010/10/27 07:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\PapDesigner
[2008/05/14 09:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Scooter Software
[2010/10/27 02:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Thunderbird
[2011/02/17 04:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\UNITON AG
[2011/02/02 06:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Wireshark
[2011/05/19 06:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\XnView
[2013/02/11 05:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Ykyfz
[2009/11/04 03:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2008/06/19 04:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2010/09/10 06:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPHM
[2008/05/14 08:27:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions
[2011/01/28 09:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UNITON AG Switzerland
[2010/12/09 06:06:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2013/04/22 12:11:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateFiles_elsaesser.job
[2013/04/22 12:09:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateXML_elsaesser.job
[2013/04/29 11:19:08 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
 
========== Purity Check ==========
 
 
< End of report >

Aber wahrscheinlich hätte ich auch diesmal die üblichen Einstellungen machen müssen...
Dann kommen folgende Dateien raus:

Code:

ATTFilter

OTL logfile created on: 4/29/2013 6:55:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 201.52 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Drive I: | 1.84 Gb Total Space | 0.94 Gb Free Space | 51.32% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) --  File not found
SRV - (HidServ) --  File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\NSESVC.EXE (Norman ASA)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NormanZfr) -- C:\Programme\Norman\Npm\Bin\zfr.exe (Norman ASA)
SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)
SRV - (NVOY) -- C:\Programme\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\Njeeves.exe ()
SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (msvsmon90) -- C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (TetaSCDevice) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (FTD2XX) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\ndiskio.sys (Norman ASA)
DRV - (nnetsec) -- C:\WINDOWS\system32\drivers\nnetsec.sys (Norman ASA)
DRV - (NNetSecC) -- C:\Programme\Norman\Ngs\Bin\nnetsecc.sys (Norman ASA)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (NGS) -- C:\Programme\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (VirtualCom) -- C:\WINDOWS\system32\drivers\glvsp.sys (OEM(CI))
DRV - (npdrv) -- C:\WINDOWS\system32\drivers\npdrv.sys (Moxa Technologies Co., Ltd. )
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (SSIPDDP) -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\administrator.UNITONAG_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\administrator.UNITONAG_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\elsaesser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\elsaesser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\laudan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\laudan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\loeliger_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\loeliger_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\Rohner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\Rohner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\traxler_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\traxler_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\werkcad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
IE - HKU\werkcad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/01 04:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/01/14 06:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/02/25 02:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013/02/01 04:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013/02/25 02:47:19 | 000,000,000 | ---D | M]
 
[2013/01/14 06:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/01/14 06:31:59 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2013/02/01 04:07:55 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2013/01/14 06:31:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/14 06:31:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013/01/14 06:31:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/14 06:31:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/14 06:31:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/14 06:31:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/04/25 07:41:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\npm\bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\administrator.UNITONAG_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\Administrator_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\elsaesser_ON_C..\Run: [Zoubyd] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe ()
O4 - HKU\laudan_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\Rohner_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\traxler_ON_C..\Run: [LightScribe Control Panel]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\Rohner\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.UNITONAG_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\elsaesser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\laudan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\loeliger_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rohner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\traxler_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\werkcad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UNITONAG.intra
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/29 11:27:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013/04/29 11:27:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WINDOWS
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2013/04/29 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\html
[2013/04/29 02:20:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/29 02:20:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013/04/29 02:04:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Malwarebytes
[2013/04/29 02:03:24 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/26 10:25:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\tdsskiller.exe
[2013/04/26 10:24:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\aswMBR.exe
[2013/04/26 05:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/26 05:14:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/26 05:12:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe
[2013/04/26 05:11:35 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe
[2013/04/26 02:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2013/04/26 02:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2013/04/25 07:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/25 07:33:26 | 000,000,000 | ---D | C] -- C:\cmdcons
[2013/04/25 07:18:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/25 07:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/04/24 02:05:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013/04/22 09:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/29 11:38:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/29 11:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013/04/29 11:19:08 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
[2013/04/29 11:10:08 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013/04/29 10:08:56 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013/04/29 09:48:40 | 000,502,814 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/04/29 09:48:40 | 000,484,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/29 09:48:40 | 000,101,392 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/04/29 09:48:40 | 000,087,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/29 09:31:58 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/29 09:09:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/29 09:04:11 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 08:09:45 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1529201136-1576731350-2773778870-1129.job
[2013/04/29 02:20:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/29 02:03:41 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/29 01:54:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/26 10:51:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\MBR.dat
[2013/04/26 10:25:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\aswMBR.exe
[2013/04/26 10:25:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\tdsskiller.exe
[2013/04/26 05:29:02 | 000,018,642 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2013/04/26 05:12:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\OTL.exe
[2013/04/26 05:12:29 | 000,619,461 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
[2013/04/26 05:11:36 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\elsaesser\Desktop\JRT.exe
[2013/04/26 03:51:50 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml
[2013/04/25 07:41:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/24 04:10:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable
[2013/04/22 12:11:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job
[2013/04/22 12:09:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job
[2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/29 02:20:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/26 10:51:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\MBR.dat
[2013/04/26 05:12:29 | 000,619,461 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\adwcleaner.exe
[2013/04/26 03:51:50 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\sysdata.xml
[2013/04/25 07:33:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/04/25 07:33:29 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013/04/24 04:10:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\defogger_reenable
[2013/04/22 12:09:01 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
[2013/04/22 12:09:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_elsaesser.job
[2013/04/22 12:09:00 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_elsaesser.job
[2013/04/22 09:24:58 | 045,407,693 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Desktop\DMAX Soft Version 2.16 Beta 2.zip
[2011/09/14 10:45:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011/09/14 06:36:39 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\loeliger\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011/06/24 08:03:34 | 000,002,164 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\.recently-used.xbel
[2011/05/12 10:12:19 | 000,000,236 | ---- | C] () -- C:\WINDOWS\DsmDwnld.INI
[2011/05/12 10:08:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DSMProgrammer.INI
[2011/05/12 07:20:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\C63.INI
[2010/02/17 08:22:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\RSMTRA~1.INI
[2009/11/05 07:54:30 | 000,127,023 | ---- | C] () -- C:\WINDOWS\c96unins.exe
[2009/11/04 03:39:24 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/11/04 03:39:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009/06/26 08:53:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Remote.INI
[2009/06/26 08:03:09 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\dsci.dll
[2009/04/24 03:09:01 | 000,018,642 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2009/02/26 11:01:58 | 000,019,938 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\MPS Icon 24x24 bis 128x128#.2009_02_26_16_01_58.1
[2009/02/26 11:01:58 | 000,014,466 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Neues Dokument 1.2009_02_26_16_01_58.0
[2009/02/07 08:17:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\laudan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/01/29 03:32:56 | 000,000,272 | ---- | C] () -- C:\WINDOWS\PSUeng.INI
[2009/01/22 11:01:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\RSM.INI
[2009/01/21 12:29:48 | 000,191,440 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008/12/17 03:47:30 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 04:07:20 | 000,179,545 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\debuggee.mdmp
[2008/12/04 08:26:18 | 000,000,272 | ---- | C] () -- C:\WINDOWS\PSU.INI
[2008/09/29 02:34:27 | 000,000,623 | ---- | C] () -- C:\WINDOWS\System32\hppapr10.dat
[2008/08/21 03:59:18 | 000,000,586 | ---- | C] () -- C:\WINDOWS\Zentrale.INI
[2008/08/18 09:55:52 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2008/05/28 07:08:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/05/28 07:08:56 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/05/28 07:08:56 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/05/28 05:48:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/05/28 02:30:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008/05/16 03:31:36 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/15 09:11:03 | 000,000,332 | ---- | C] () -- C:\WINDOWS\TAD Programmer.INI
[2008/05/14 11:12:39 | 000,000,600 | ---- | C] () -- C:\WINDOWS\DSM.INI
[2008/05/14 11:06:36 | 000,212,992 | R--- | C] () -- C:\WINDOWS\System32\NmUninst.exe
[2008/05/14 10:13:49 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MCUTOOLS.INI
[2008/05/14 10:13:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\MDSELIB.INI
[2008/05/14 09:59:25 | 000,000,037 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/05/14 09:59:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2008/05/14 09:59:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/05/14 09:59:17 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2008/05/14 09:59:13 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/05/14 09:58:06 | 000,017,649 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/05/08 06:37:08 | 000,001,544 | ---- | C] () -- C:\WINDOWS\CSPY.INI
[2008/05/08 04:22:12 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIPDDP.SYS
[2008/05/08 04:22:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\SSIVDDP.DLL
[2008/05/08 04:22:12 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIDDDP.SYS
[2008/05/08 04:13:07 | 000,000,916 | ---- | C] () -- C:\WINDOWS\IAREW.INI
[2008/05/08 03:28:27 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\elsaesser\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 09:12:19 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\traxler\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 08:12:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Rohner\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 07:25:44 | 000,000,318 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2008/05/06 05:38:55 | 000,000,922 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 05:32:20 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe
[2008/05/06 05:16:14 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/06 02:26:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/06 02:18:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\werkcad\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/06 02:00:23 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\administrator.UNITONAG\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/05 04:30:51 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/05 04:30:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/05/05 04:25:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/05/05 04:24:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/05/05 04:24:56 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/05/05 04:24:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/05/05 04:24:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/05 04:16:35 | 000,000,814 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/04 20:02:06 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/04 19:49:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/04 19:44:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/05/04 19:44:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/05/04 19:38:10 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/06/28 09:06:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2007/04/23 16:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/16 10:20:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/04 23:53:24 | 000,502,814 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/05/04 23:53:24 | 000,484,210 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/04 23:53:24 | 000,101,392 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/05/04 23:53:24 | 000,087,982 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/04 23:49:18 | 000,231,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/04 23:41:54 | 000,004,348 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/04 23:37:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:57:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 14:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/18 07:09:40 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 07:09:40 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1997/09/03 18:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/09/03 18:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/09/03 18:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/09/03 18:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/09/03 18:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/03 18:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1997/09/03 18:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2008/10/15 10:42:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\aicon
[2013/04/24 08:44:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Arupz
[2008/09/09 10:40:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Axialis
[2009/09/02 11:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\CursorArts
[2011/06/24 08:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\gtk-2.0
[2008/09/26 04:48:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Inkscape
[2008/05/28 05:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\InterTrust
[2008/06/11 09:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Leadertech
[2009/09/02 11:04:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Music Editor Free
[2013/04/29 11:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev
[2011/02/24 08:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\OpenOffice.org
[2010/10/27 07:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\PapDesigner
[2008/05/14 09:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Scooter Software
[2010/10/27 02:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Thunderbird
[2011/02/17 04:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\UNITON AG
[2011/02/02 06:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Wireshark
[2011/05/19 06:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\XnView
[2013/02/11 05:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Ykyfz
[2009/11/04 03:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2008/06/19 04:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2010/09/10 06:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPHM
[2008/05/14 08:27:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions
[2011/01/28 09:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UNITON AG Switzerland
[2010/12/09 06:06:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2013/04/22 12:11:37 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateFiles_elsaesser.job
[2013/04/22 12:09:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateXML_elsaesser.job
[2013/04/29 11:19:08 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_elsaesser.job
 
========== Purity Check ==========
 
 
< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 4/29/2013 6:55:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232.88 Gb Total Space | 201.52 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Drive I: | 1.84 Gb Total Space | 0.94 Gb Free Space | 51.32% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.txt [@ = UltraEdit.txt] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\mcuez\prog\motpm.exe" = C:\Programme\mcuez\prog\motpm.exe:*:Enabled:motpm
"C:\Programme\mcuez\prog\mcuez.exe" = C:\Programme\mcuez\prog\mcuez.exe:*:Enabled:MCUez EXE -- (Motorola)
"C:\Programme\mcuez\prog\Launcher.exe" = C:\Programme\mcuez\prog\Launcher.exe:*:Enabled:Launcher
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B92A11C-F48F-430A-AB8D-3F7CA80669CD}" = SDMSSplash
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{860CEC95-75B3-461F-B0C6-0BD96B0C4A14}" = PMD Software Suite
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8BD1F2E9-AE66-4E1B-8B09-BECFF831C905}" = Norman Endpoint Protection
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B02F7022-0267-4D7E-94AE-E57A99162E77}" = MPS Tools
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B461FE96-6E19-44E6-A621-938493D9AF35}" = MPS Software Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C152E341-135F-4F23-BF0C-D593C04A7D18}" = PMD Tools
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF787A9E-CFB5-42A0-A490-2C169DB7C1F5}" = SigmaStudio 3.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FEF07CF4-5834-4AF1-9DEA-9EE94B53C6EB}" = PhotoS
"7-Zip" = 7-Zip 4.62
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoSketch v5.0" = AutoSketch
"BC2_is1" = Beyond Compare Version 2.5.3
"Cool Edit 2000" = Cool Edit 2000
"Cool Edit 96" = Cool Edit 96
"CW6812BDeinstKey" = IAR 68HC12 C-SPY BDM-Debugger
"Diagram Designer" = Diagram Designer
"DMAX Software Suite" = DMAX Software Suite
"DMAX Tools" = DMAX Tools
"EW6812DeinstKey" = IAR 6812 Embedded Workbench
"Fotosizer" = Fotosizer 1.18
"FotoSketcher_is1" = FotoSketcher - Version 1.6
"FreePDF_XP" = FreePDF (Remove only)
"FT_INF" = FT_INF
"FuH_Docklight_V1_7_is1" = Docklight V1.7
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HelpNDoc_is1" = HelpNDoc 2.6.0.74 Standard Edition
"HTML Help Workshop" = HTML Help Workshop
"IconWorkshop" = Axialis IconWorkshop 6.31
"Inkscape" = Inkscape 0.48.0
"Install Creator Pro" = Install Creator Pro
"Install Maker Pro" = Install Maker Pro
"IrfanView" = IrfanView (remove only)
"Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MCUez for  HC12 Development Tools" = MCUez for HC12 Development Tools
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MProg 3.0a" = MProg 3.0a
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NetMos Technology" = NetMos Multi-IO Controller
"NPort Administration Suite_is1" = NPort Administration Suite Ver1.10
"Office8.0" = Microsoft Office 97, Professional Edition
"Orcad Family Release 9.2 Standalone" = Orcad Family Release 9.2 Standalone
"PDF Complete" = PDF Complete
"Photo To Sketch_is1" = Photo To Sketch 3.51
"PhotoFiltre" = PhotoFiltre
"PMPSoft" = PMPSoft
"PrintKey2000" = PrintKey2000
"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6
"PSPad editor_is1" = PSPad editor
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 16.0" = RealPlayer
"Realterm" = Realterm 2.0.0.43
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SLSSoft" = SLSSoft
"Unlocker" = Unlocker 1.8.5
"Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.0
"WIC" = Windows Imaging Component
"WinGimp-2.0_is1" = GIMP 2.6.11
"Winmail Opener" = Winmail Opener 1.4
"WinPcapInst" = WinPcap 4.0.2
"Wireshark" = Wireshark 0.99.7
"XnView_is1" = XnView 1.94.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\elsaesser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DMAX Adjust" = DMAX Adjust
"Google Chrome" = Google Chrome
 
< End of report >

cosinus · 29.04.2013, 22:46

Ich befürchte dein System ist schon zu stark umgebogen, auch das fehlende SP3 macht es eher schlimmer. Eine saubere Neuinstallation wird der nächste Schritt sein, wenn der folgende keine signifikante und dauerhafte Besserung bringt

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
O4 - HKU\elsaesser_ON_C..\Run: [Zoubyd] C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe ()
[2013/02/11 05:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Ykyfz
:Files
C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Costanzo · 30.04.2013, 07:39

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\elsaesser_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Zoubyd deleted successfully.
C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev\buac.exe moved successfully.
C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Ykyfz folder moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\elsaesser\Anwendungsdaten\Nyev folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 04302013_110535

Leider bleibt das Problem mit dem Login - nach dem Login werden die Benutzereinstellungen geladen und dann startet der PC neu...
Im abgesicherten Modus kann ich die Zip-Datei erstellen. Da ich aber nicht in den abgesicherten Modus mit Netzlaufwerken reinkomme, kann ich sie nicht direkt hochladen.
Ich könnte sie nun per USB-Stick von einem "sauberen" PC hochladen, habe da aber gewisse Bedenken, da ich keinesfalls noch einen anderen PC infizieren möchte...

Das heisst dann wohl Neuinstallation, oder?

cosinus · 30.04.2013, 15:40

Jo, ich denke es endet in einer Reparatur- oder am besten gleich eine komplett saubere Neuinstallation.

Ein sauberes Systemimage des Rechners ist wohl nicht vorhanden?

Costanzo · 02.05.2013, 09:29

Zitat:

Zitat von cosinus

Jo, ich denke es endet in einer Reparatur- oder am besten gleich eine komplett saubere Neuinstallation.

Ein sauberes Systemimage des Rechners ist wohl nicht vorhanden?

Nein, sauberes Systemimage ist nicht vorhanden. Die wichtigen Dateien werden auf den Netzwerkservern abgelegt und von dort werden selbstverständlich Backups erstellt, aber von den einzelnen PCs gibts keine Sicherungen.

Nun gut, schade hat's nicht geklappt.
Ich danke dir trotzdem vielmals für deine Hilfe.

30.04.2013, 15:40	#34
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GMX Abuse meldet mir Infizierung mit Virus "Zeus" Jo, ich denke es endet in einer Reparatur- oder am besten gleich eine komplett saubere Neuinstallation. Ein sauberes Systemimage des Rechners ist wohl nicht vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

GMX Abuse meldet mir Infizierung mit Virus "Zeus"

Log-Analyse und Auswertung: GMX Abuse meldet mir Infizierung mit Virus "Zeus"