
Pests of all kinds and how to combat them: Windows XP: Avira scanners do not start; Avira does not respond


14.03.2016, 17:34   #16
qwertz3
 

Otlpe



Settings: Standard Registry = Use Safe List, Extra Registry = Use Safe List

C:\OTL.Txt
Code:
OTL logfile created on: 3/14/2016 4:37:00 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 47.79 Gb Total Space | 13.28 Gb Free Space | 27.79% Space Free | Partition Type: NTFS
Drive D: | 53.44 Gb Total Space | 15.26 Gb Free Space | 28.56% Space Free | Partition Type: NTFS
Drive E: | 10.56 Gb Total Space | 10.50 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (stllssvr)
SRV - [2016/02/18 07:49:19 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/02/18 07:49:09 | 001,032,328 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2016/02/18 07:49:06 | 000,834,568 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2016/02/18 07:49:06 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2016/02/18 07:49:05 | 001,054,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2015/08/07 12:43:35 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/28 05:06:06 | 000,043,336 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2014/04/03 14:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/12 16:52:16 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/12/30 06:19:21 | 003,483,600 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 05:10:16 | 005,899,240 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/11/10 05:09:24 | 000,813,320 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/10/01 07:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/28 18:13:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/08 02:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/22 10:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto] -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/04/19 07:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 07:31:14 | 000,887,544 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2015/12/03 04:11:26 | 000,106,968 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2015/06/11 06:07:27 | 000,027,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014/03/12 16:35:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2014/03/12 16:33:56 | 000,058,736 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2014/03/12 16:33:56 | 000,040,304 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2013/11/28 19:48:08 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/07/31 02:35:19 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2013/07/31 02:35:19 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/12/30 06:19:21 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/12/30 06:19:17 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/12/30 06:19:15 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/12/30 06:19:13 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2011/12/30 06:19:11 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV - [2011/12/30 06:19:08 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/30 06:19:05 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2009/12/25 09:33:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/09/10 08:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 12:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/22 14:00:48 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/11/21 15:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 10:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/11/16 13:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 19:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/31 13:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/04/23 09:10:48 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2007/04/22 10:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/22 10:24:58 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/29 10:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/27 06:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2007/02/14 10:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 10:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/30 05:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/22 05:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/10/17 05:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 05:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2006/10/09 07:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/09/19 12:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.loca
 
IE - HKU\Dorothee_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Dorothee_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Dorothee_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinz_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Heinz_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Heinz_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "AT"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.de,Bing,eBay"
FF - prefs.js..browser.search.region: "AT"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2015/08/07 12:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2015/08/07 12:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/12/29 05:49:46 | 000,000,000 | ---D | M]
 
[2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/03 08:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions
[2011/12/03 08:40:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2015/08/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2015/08/07 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
[2010/11/30 13:01:40 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2010/11/30 13:01:16 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2016/03/11 17:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\Dorothee_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Dorothee_ON_D\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\Heinz_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira System Speedup] C:\Programme\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Speedup_umh] C:\Programme\Avira\AviraSpeedup\Speedup_umh.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\Heinz_ON_D..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Heinz_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Key error. File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found.
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell - "" = AutoRun
O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/03/11 17:04:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2016/03/11 17:04:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2016/03/11 17:04:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2016/03/11 17:04:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2016/03/11 17:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016/03/11 16:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2016/03/11 16:52:23 | 005,658,088 | R--- | C] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe
[2016/03/10 10:16:52 | 000,000,000 | ---D | C] -- D:\Dorothee\_neu
[2016/03/04 18:01:40 | 000,000,000 | ---D | C] -- C:\FRST
[1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/03/14 08:11:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\MATLAB R2011b Startup Accelerator.job
[2016/03/14 08:02:39 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2016/03/11 17:26:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2016/03/11 17:26:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2016/03/11 16:52:23 | 005,658,088 | R--- | M] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe
[2016/03/07 02:55:47 | 000,002,389 | ---- | M] () -- D:\$UserProfiles\Dorothee\Desktop\Microsoft Office Word 2007.lnk
[2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/03/13 12:25:23 | 3212,103,680 | -HS- | C] () -- C:\hiberfil.sys
[2016/03/11 17:04:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2016/03/11 17:04:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2016/03/11 17:04:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2016/03/11 17:04:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2016/03/11 17:04:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2015/05/25 04:57:51 | 000,000,860 | ---- | C] () -- D:\$UserProfiles\Dorothee\.recently-used.xbel
[2015/05/22 19:50:09 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini
[2014/11/07 07:06:10 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2014/08/27 04:20:21 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\s-1-5-19.rrr
[2014/08/26 17:58:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/18 06:23:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/02/01 15:54:01 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011/12/31 09:02:58 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/09/06 11:14:24 | 000,000,104 | ---- | C] () -- C:\WINDOWS\medigraf.INI
[2011/03/15 04:30:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/10 02:14:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL
[2010/07/26 16:03:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/03/23 08:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2010/01/02 10:17:22 | 000,000,655 | ---- | C] () -- D:\$UserProfiles\Dorothee\quosasdddm.properties
[2009/12/25 18:31:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2009/12/25 18:31:12 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2009/12/25 16:56:52 | 000,000,613 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/12/25 09:33:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/10/15 09:36:52 | 000,006,656 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 10:53:36 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2009/07/25 05:59:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2009/05/07 12:23:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/18 11:22:38 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\PUTTY.RND
[2009/04/14 17:29:14 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT
[2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enhance Timing
[2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Echo
[2009/04/14 17:18:41 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLds.DAT
[2009/04/14 17:18:41 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Examples
[2009/04/14 15:57:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/04/14 15:57:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009/04/14 15:30:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/01 05:37:21 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/01/01 05:37:11 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Heinz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/12/31 09:07:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/02 17:54:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2008/11/02 17:12:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/02 17:12:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/02 17:12:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/02 17:12:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/02 17:08:48 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/07/24 15:24:29 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/07/24 15:24:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/07/24 15:09:55 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/05/16 07:48:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/05/16 07:14:58 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/02/06 10:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 09:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/18 17:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/18 17:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/07 02:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 02:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 02:04:28 | 000,519,834 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/07 02:04:28 | 000,495,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 02:04:28 | 000,100,180 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/07 02:04:28 | 000,083,864 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 02:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 01:57:28 | 001,645,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 01:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 01:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 11:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2011/12/30 06:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acronis
[2008/12/30 18:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Design Science
[2012/03/18 05:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EndNote
[2012/03/18 05:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Epson
[2012/07/22 09:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog
[2009/04/15 05:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon
[2011/12/31 10:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Registry Mechanic
[2007/07/25 03:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2010/12/28 15:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2013/09/12 17:41:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Acronis
[2013/07/05 16:23:33 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Audacity
[2014/11/07 07:06:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Cliqz
[2010/05/12 02:21:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Design Science
[2013/12/15 10:40:00 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox
[2012/01/30 15:02:24 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EndNote
[2012/03/29 17:46:22 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Epson
[2012/11/14 17:05:28 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EurekaLog
[2015/05/25 04:57:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\gtk-2.0
[2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Idegf
[2012/11/19 18:49:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\InterVideo
[2010/09/22 07:04:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Nikon
[2009/01/01 05:37:21 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\SampleView
[2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Sanaze
[2010/12/29 10:31:56 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Thunderbird
[2012/02/22 07:59:08 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Tracker Software
[2011/07/13 12:51:46 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\webex
[2014/08/27 05:20:02 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\Acronis
[2009/01/01 05:37:11 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\SampleView
[2014/10/11 09:23:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/12/30 07:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2013/07/31 02:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN
[2014/05/18 06:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2012/03/18 05:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009/04/15 13:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2009/12/25 09:36:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Molecular Devices
[2012/07/22 07:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2009/04/14 17:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2012/01/30 11:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2012/03/18 05:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2012/11/11 12:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{092C512F-9ECA-47B0-BF89-F0FF91DB1676}
[2008/11/02 16:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/04/15 13:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\MATLAB R2011b Startup Accelerator.job
[2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/27 15:16:27 | 106,527,028 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6
[2013/11/23 09:15:27 | 106,527,028 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6
[2013/10/08 06:26:50 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣Ƛ哜6
[2013/09/19 10:44:01 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣Ƛ哜6
< End of report >
         
C:\Extras.Txt
Code:
OTL Extras logfile created on: 3/14/2016 4:37:00 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 47.79 Gb Total Space | 13.28 Gb Free Space | 27.79% Space Free | Partition Type: NTFS
Drive D: | 53.44 Gb Total Space | 15.26 Gb Free Space | 28.56% Space Free | Partition Type: NTFS
Drive E: | 10.56 Gb Total Space | 10.50 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"5357:TCP" = 5357:TCP:*:Enabled:WS-Eventing TCP Port 5357
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Deskjet 2540 series) -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Programme\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator COM (HP Deskjet 2540 series) -- (Hewlett-Packard Co.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Programme\Mozilla Firefox) -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2186F2E0-7023-453B-B604-0F13C72AFF37}" = Acronis*True*Image*Home 2012
"{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible" = Acronis*True*Image*Home 2012
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1" = Cliqz
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6310A66B-F080-4E81-90F4-2AA6C30008EB}" = Axon pCLAMP 10.2 demo
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80416A15-214B-4F25-A025-ED6E875631F2}" = Cisco AnyConnect Secure Mobility Client
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 7.3.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}" = HP Deskjet 2540 series - Grundlegende Software für das Gerät
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3E5B153-CC4B-40F2-9802-288B0AF2A966}" = HP Deskjet 2540 series Hilfe
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0CC75CD-F5B7-46AD-B016-17C0F5171718}" = Apple Mobile Device Support
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA791BB-6F54-48ED-BC2A-F78157C1D558}" = Adobe Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBC81659-188F-4260-B9A8-E1EA53C4D650}" = Eudora
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F32DC846-4457-40A8-BECA-BCC0E960BC53}" = iTunes
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FBB55C5E-2548-4511-A6F5-8CBCDE16484C}" = A1 Dashboard
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"A1 Dashboard" = A1 Dashboard
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c015d5ef39552390a753ee735d16041" = Adobe Illustrator CS3
"Avira AntiVir Desktop" = Avira Internet Security
"Avira System Speedup_is1" = Avira System Speedup
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DSMT5" = MathType 5
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"EPSON BX535WD Series Netg" = Netzwerkhandbuch EPSON BX535WD Series
"EPSON BX535WD Series Useg" = Benutzerhandbuch EPSON BX535WD Series
"EPSON Scanner" = EPSON Scan
"FileZilla" = FileZilla (remove only)
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 39.0.3 (x86 de)" = Mozilla Firefox 39.0.3 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Origin 6.0" = Origin 6.0
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"PuTTY_is1" = PuTTY version 0.62
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Registry Mechanic_is1" = Registry Mechanic 10.0
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineFestplatte" = aon Online Festplatte (entfernen)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
< End of report >
         
Settings: Standard Registry = Use Safe List, Extra Registry = None

C:\OTL.Txt
Code:
OTL logfile created on: 3/14/2016 2:43:29 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 47.79 Gb Total Space | 13.28 Gb Free Space | 27.79% Space Free | Partition Type: NTFS
Drive D: | 53.44 Gb Total Space | 15.26 Gb Free Space | 28.56% Space Free | Partition Type: NTFS
Drive E: | 10.56 Gb Total Space | 10.50 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (stllssvr)
SRV - [2016/02/18 07:49:19 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/02/18 07:49:09 | 001,032,328 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2016/02/18 07:49:06 | 000,834,568 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2016/02/18 07:49:06 | 000,462,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2016/02/18 07:49:05 | 001,054,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2015/08/07 12:43:35 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/28 05:06:06 | 000,043,336 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2014/04/03 14:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/12 16:52:16 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/12/30 06:19:21 | 003,483,600 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 05:10:16 | 005,899,240 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/11/10 05:09:24 | 000,813,320 | ---- | M] (Acronis) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/10/01 07:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/28 18:13:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/08 02:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/22 10:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto] -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/04/19 07:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 07:31:14 | 000,887,544 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (vsdatant)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2015/12/03 04:11:26 | 000,106,968 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2015/06/11 06:07:27 | 000,027,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014/03/12 16:35:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2014/03/12 16:33:56 | 000,058,736 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2014/03/12 16:33:56 | 000,040,304 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2013/11/28 19:48:08 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/07/31 02:35:19 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2013/07/31 02:35:19 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/12/30 06:19:21 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/12/30 06:19:17 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/12/30 06:19:15 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/12/30 06:19:13 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2011/12/30 06:19:11 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV - [2011/12/30 06:19:08 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/30 06:19:05 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2009/12/25 09:33:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/09/10 08:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 12:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/22 14:00:48 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/11/21 15:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 10:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/11/16 13:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 19:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/31 13:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/04/23 09:10:48 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2007/04/22 10:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/22 10:24:58 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/29 10:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/27 06:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2007/02/14 10:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 10:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/30 05:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/22 05:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/10/17 05:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 05:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2006/10/09 07:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/09/19 12:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2001/08/17 22:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.loca
 
IE - HKU\Dorothee_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Dorothee_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Dorothee_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Heinz_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Heinz_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Heinz_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "AT"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.de,Bing,eBay"
FF - prefs.js..browser.search.region: "AT"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2015/08/07 12:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2015/08/07 12:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/12/29 05:49:46 | 000,000,000 | ---D | M]
 
[2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2010/12/28 15:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/03 08:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions
[2011/12/03 08:40:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\xffq8n5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2015/08/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2015/08/07 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
[2010/11/30 13:01:40 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2010/11/30 13:01:16 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2016/03/11 17:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\Dorothee_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Dorothee_ON_D\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\Heinz_ON_D\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira System Speedup] C:\Programme\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Speedup_umh] C:\Programme\Avira\AviraSpeedup\Speedup_umh.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\Heinz_ON_D..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Dorothee_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Heinz_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Key error. File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found.
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell - "" = AutoRun
O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9de0e10-d079-11e1-97dd-efbf148c2a67}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/03/11 17:04:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2016/03/11 17:04:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2016/03/11 17:04:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2016/03/11 17:04:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2016/03/11 17:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016/03/11 16:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2016/03/11 16:52:23 | 005,658,088 | R--- | C] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe
[2016/03/10 10:16:52 | 000,000,000 | ---D | C] -- D:\Dorothee\_neu
[2016/03/04 18:01:40 | 000,000,000 | ---D | C] -- C:\FRST
[1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/03/14 08:11:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\MATLAB R2011b Startup Accelerator.job
[2016/03/14 08:02:39 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2016/03/11 17:26:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2016/03/11 17:26:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2016/03/11 16:52:23 | 005,658,088 | R--- | M] (Swearware) -- D:\$UserProfiles\Dorothee\Desktop\ComboFix.exe
[2016/03/07 02:55:47 | 000,002,389 | ---- | M] () -- D:\$UserProfiles\Dorothee\Desktop\Microsoft Office Word 2007.lnk
[2016/02/18 07:49:06 | 000,135,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[1 D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/03/13 12:25:23 | 3212,103,680 | -HS- | C] () -- C:\hiberfil.sys
[2016/03/11 17:04:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2016/03/11 17:04:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2016/03/11 17:04:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2016/03/11 17:04:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2016/03/11 17:04:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2015/05/25 04:57:51 | 000,000,860 | ---- | C] () -- D:\$UserProfiles\Dorothee\.recently-used.xbel
[2015/05/22 19:50:09 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini
[2014/11/07 07:06:10 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2014/08/27 04:20:21 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\s-1-5-19.rrr
[2014/08/26 17:58:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/18 06:23:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/02/01 15:54:01 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011/12/31 09:02:58 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/09/06 11:14:24 | 000,000,104 | ---- | C] () -- C:\WINDOWS\medigraf.INI
[2011/03/15 04:30:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/10 02:14:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL
[2010/07/26 16:03:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/03/23 08:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2010/01/02 10:17:22 | 000,000,655 | ---- | C] () -- D:\$UserProfiles\Dorothee\quosasdddm.properties
[2009/12/25 18:31:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2009/12/25 18:31:12 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2009/12/25 16:56:52 | 000,000,613 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/12/25 09:33:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/10/15 09:36:52 | 000,006,656 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 10:53:36 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini
[2009/07/25 05:59:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL
[2009/05/07 12:23:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/18 11:22:38 | 000,000,600 | ---- | C] () -- D:\$UserProfiles\Dorothee\PUTTY.RND
[2009/04/14 17:29:14 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT
[2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enhance Timing
[2009/04/14 17:18:41 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Echo
[2009/04/14 17:18:41 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLds.DAT
[2009/04/14 17:18:41 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Examples
[2009/04/14 15:57:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/04/14 15:57:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009/04/14 15:30:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/01 05:37:21 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Dorothee\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/01/01 05:37:11 | 000,000,146 | ---- | C] () -- D:\$UserProfiles\Heinz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/12/31 09:07:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/02 17:54:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2008/11/02 17:12:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/02 17:12:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/02 17:12:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/02 17:12:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/02 17:12:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/02 17:08:48 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/07/24 15:24:29 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/07/24 15:24:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/07/24 15:09:55 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/05/16 07:48:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/05/16 07:14:58 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/02/06 10:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 09:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/18 17:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/18 17:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/07 02:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 02:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 02:04:28 | 000,519,834 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/07 02:04:28 | 000,495,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 02:04:28 | 000,100,180 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/07 02:04:28 | 000,083,864 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 02:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 01:57:28 | 001,645,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 01:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 01:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 11:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2011/12/30 06:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acronis
[2008/12/30 18:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Design Science
[2012/03/18 05:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EndNote
[2012/03/18 05:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Epson
[2012/07/22 09:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog
[2009/04/15 05:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon
[2011/12/31 10:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Registry Mechanic
[2007/07/25 03:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2010/12/28 15:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2013/09/12 17:41:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Acronis
[2013/07/05 16:23:33 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Audacity
[2014/11/07 07:06:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Cliqz
[2010/05/12 02:21:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Design Science
[2013/12/15 10:40:00 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Dropbox
[2012/01/30 15:02:24 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EndNote
[2012/03/29 17:46:22 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Epson
[2012/11/14 17:05:28 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\EurekaLog
[2015/05/25 04:57:52 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\gtk-2.0
[2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Idegf
[2012/11/19 18:49:09 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\InterVideo
[2010/09/22 07:04:10 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Nikon
[2009/01/01 05:37:21 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\SampleView
[2010/09/29 16:18:44 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Sanaze
[2010/12/29 10:31:56 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Thunderbird
[2012/02/22 07:59:08 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\Tracker Software
[2011/07/13 12:51:46 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Dorothee\Anwendungsdaten\webex
[2014/08/27 05:20:02 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\Acronis
[2009/01/01 05:37:11 | 000,000,000 | ---D | M] -- D:\$UserProfiles\Heinz\Anwendungsdaten\SampleView
[2014/10/11 09:23:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/12/30 07:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2013/07/31 02:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN
[2014/05/18 06:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2012/03/18 05:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009/04/15 13:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2009/12/25 09:36:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Molecular Devices
[2012/07/22 07:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2009/04/14 17:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2012/01/30 11:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2012/03/18 05:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2009/04/14 17:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2012/11/11 12:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{092C512F-9ECA-47B0-BF89-F0FF91DB1676}
[2008/11/02 16:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/04/15 13:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2016/03/14 08:05:24 | 000,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\MATLAB R2011b Startup Accelerator.job
[2016/03/13 14:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/27 15:16:27 | 106,527,028 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6
[2013/11/23 09:15:27 | 106,527,028 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\毛哜6
[2013/10/08 06:26:50 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣Ƛ哜6
[2013/09/19 10:44:01 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\痣Ƛ哜6
< End of report >
         
C:\Extras.Txt
was not created

16.03.2016, 00:22   #17
Deathkid535
/// Malwareteam
 

Hi,

I'm currently under quite a lot of school stress (diploma project, diploma thesis, Matura and so on).

I can't guarantee you here that I can always reply quickly or that we'll get the PC running again. The easiest option here would be to reinstall. If you still want to try a repair, please let me know.

17.03.2016, 13:43   #18
qwertz3
 

Hello,

thanks for the info! Then I'll probably head home (where there are backups and a computer expert) and reinstall.

Could you answer the following 2 questions for me first:
- Where can I find what CF deleted/changed? Can I assume that CF only deleted what is listed in the CF log under the headings "Weitere Löschungen" (further deletions) and "Entfernte verwaiste Registrierungseinträge" (removed orphaned registry entries)?
- Did you find any indication that the machine was infected?

That would be great!
Thanks, and good luck with the university and school projects!

17.03.2016, 14:23   #19
Deathkid535
/// Malwareteam
 

Hi,

Unfortunately, CF also deletes a few things without logging them. That makes it hard to trace what went wrong there.

I did see a few indicators, but they would need closer analysis.
