Trojaner-Board - BKA Trojaner - nichts geht mehr...

OTL Logfile:
Code:
OTL logfile created on: 05.09.2011 19:14:00 - Run 1

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Silke\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,45 Mb Total Physical Memory | 367,22 Mb Available Physical Memory | 36,23% Memory free

2,23 Gb Paging File | 1,36 Gb Available in Paging File | 61,05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 94,50 Gb Total Space | 34,88 Gb Free Space | 36,91% Space Free | Partition Type: NTFS

Drive D: | 17,28 Gb Total Space | 10,50 Gb Free Space | 60,76% Space Free | Partition Type: FAT32

 

Computer Name: ULRIKE-PC | User Name: Silke | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.05 19:03:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Silke\Desktop\OTL.exe

PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.07.26 19:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2007.11.10 15:38:51 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe

PRC - [2006.12.26 12:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe

PRC - [2006.12.23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006.12.23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2006.12.14 17:53:28 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe

PRC - [2006.11.23 16:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe

PRC - [2006.11.20 08:13:00 | 004,018,176 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe

PRC - [2006.11.09 15:37:52 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe

PRC - [2006.10.09 14:43:44 | 000,729,088 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2006.07.31 02:02:00 | 001,544,192 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe

PRC - [2006.07.31 02:02:00 | 000,370,756 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe

PRC - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe

PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

PRC - [2000.05.19 11:25:12 | 000,180,224 | ---- | M] (NewSoft) -- C:\Programme\EPSON\EPSON SMART PANEL for Scanner\ESPmain.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.08.07 18:48:31 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll

MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2006.12.13 18:19:34 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2006.12.13 18:16:20 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll

MOD - [2006.11.09 15:37:52 | 000,086,016 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe

MOD - [2006.10.09 14:43:50 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ita.dll

MOD - [2006.10.09 14:43:50 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56esp.dll

MOD - [2006.10.09 14:43:50 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56brz.dll

MOD - [2006.10.09 14:43:50 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56kor.dll

MOD - [2006.10.09 14:43:48 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ger.dll

MOD - [2006.10.09 14:43:48 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56fra.dll

MOD - [2006.10.09 14:43:48 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56dnk.dll

MOD - [2006.10.09 14:43:48 | 000,057,344 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56jpn.dll

MOD - [2006.10.09 14:43:48 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56cht.dll

MOD - [2006.10.09 14:43:48 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56chs.dll

MOD - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe

MOD - [1999.07.28 20:02:28 | 000,202,752 | ---- | M] () -- C:\Programme\EPSON\EPSON SMART PANEL for Scanner\IsmDll.dll

MOD - [1999.07.26 12:21:36 | 000,103,936 | ---- | M] () -- C:\Programme\EPSON\EPSON SMART PANEL for Scanner\FIOALL32.DLL

MOD - [1999.07.26 12:21:36 | 000,062,464 | ---- | M] () -- C:\Programme\EPSON\EPSON SMART PANEL for Scanner\Fiobmp32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.07.26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)

SRV - [2010.07.08 16:55:20 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2008.05.17 14:56:26 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2006.07.31 02:02:00 | 000,370,756 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)

SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007.01.08 20:34:04 | 000,449,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)

DRV - [2006.12.20 10:32:40 | 000,067,072 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006.11.15 11:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006.11.15 06:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006.11.15 04:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.10.12 07:57:34 | 001,053,824 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)

DRV - [2006.10.09 14:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2006.07.31 02:02:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)

DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home/?ai=13054

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.22 22:22:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.22 22:22:20 | 000,000,000 | ---D | M]

 

[2010.07.09 00:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silke\AppData\Roaming\mozilla\Extensions

[2011.09.05 18:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silke\AppData\Roaming\mozilla\Firefox\Profiles\mj4fcn60.default\extensions

[2010.08.06 14:35:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Silke\AppData\Roaming\mozilla\Firefox\Profiles\mj4fcn60.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.15 20:09:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Silke\AppData\Roaming\mozilla\Firefox\Profiles\mj4fcn60.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.08.23 09:33:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Silke\AppData\Roaming\mozilla\Firefox\Profiles\mj4fcn60.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010.06.15 00:31:50 | 000,000,943 | ---- | M] () -- C:\Users\Silke\AppData\Roaming\Mozilla\Firefox\Profiles\mj4fcn60.default\searchplugins\conduit.xml

[2011.02.16 17:00:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.08.07 11:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.08.07 11:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.03.15 22:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.15 22:47:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.15 22:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.15 22:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.15 22:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CheckPoint Cleanup]  File not found

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()

O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [SystemTray] C:\Windows\System32\systray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKCU..\Run: [Kbmod] C:\Users\Silke\AppData\Roaming\Mslink\crtreal.exe ()

O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Silke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15584DC1-D613-4C40-BDF2-B06141573AF3}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{cca7eef1-7d0c-11dd-9420-0016d3811654}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

O33 - MountPoints2\{cca7eef1-7d0c-11dd-9420-0016d3811654}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.05 19:00:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Silke\Desktop\OTL.exe

[2011.09.05 18:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011.09.05 18:49:44 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.09.05 18:49:44 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.09.05 18:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.09.05 18:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011.09.04 19:38:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Silke\Desktop\esetsmartinstaller_enu.exe

[2011.09.04 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles

[2011.09.04 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.09.04 14:20:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.09.04 14:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.04 14:20:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.09.04 14:05:18 | 000,000,000 | ---D | C] -- C:\Users\Silke\AppData\Roaming\Malwarebytes

[2011.09.04 14:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.04 14:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.09.03 15:15:19 | 000,000,000 | ---D | C] -- C:\Users\Silke\Andrea Janssens

[2011.08.17 22:18:24 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2011.08.13 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\Silke\Desktop\Andrea Janssens

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.05 19:15:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F3777C8F-AD7E-4961-8497-F4897A43006C}.job

[2011.09.05 19:03:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Silke\Desktop\OTL.exe

[2011.09.05 18:57:24 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.05 18:50:21 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.09.05 18:45:02 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011.09.05 18:44:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.05 18:41:53 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.05 18:41:53 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.05 18:41:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.05 18:41:03 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.04 19:38:15 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Silke\Desktop\esetsmartinstaller_enu.exe

[2011.09.04 14:23:48 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.09.04 14:23:47 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.09.04 14:23:47 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.09.04 14:23:47 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.09.04 14:20:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.04 13:25:57 | 000,050,176 | ---- | M] () -- C:\Users\Silke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.04 13:18:48 | 000,331,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.09.03 15:23:37 | 000,001,356 | ---- | M] () -- C:\Users\Silke\AppData\Local\d3d9caps.dat

[2011.08.10 12:40:23 | 000,002,605 | ---- | M] () -- C:\Users\Silke\Desktop\Microsoft Word.lnk

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.05 18:50:21 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.09.04 14:20:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.04 13:18:17 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys

[2011.09.03 15:15:20 | 000,376,879 | ---- | C] () -- C:\Users\Silke\7.4.Trainingsbogen_zur_Lernzielanalyse.pdf

[2011.09.03 15:15:19 | 001,610,375 | ---- | C] () -- C:\Users\Silke\Endfassung.pdf

[2011.09.03 15:15:19 | 000,736,527 | ---- | C] () -- C:\Users\Silke\Entwurf-Kommentar 11.09.pdf

[2010.09.06 22:28:03 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010.09.06 22:28:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.08.18 23:11:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.08.18 23:11:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.06.04 08:58:40 | 000,001,356 | ---- | C] () -- C:\Users\Silke\AppData\Local\d3d9caps.dat

[2009.01.11 23:06:57 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini

[2009.01.11 23:06:55 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll

[2009.01.11 23:06:55 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin

[2009.01.05 21:47:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008.09.17 23:37:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.05.26 10:52:48 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll

[2007.11.15 20:54:33 | 000,000,337 | ---- | C] () -- C:\Windows\cdplayer.ini

[2007.09.27 20:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2007.09.27 19:54:35 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html

[2007.07.18 10:49:54 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin

[2007.07.18 10:42:08 | 000,000,093 | ---- | C] () -- C:\Users\Silke\AppData\Local\fusioncache.dat

[2007.03.21 23:22:43 | 000,050,176 | ---- | C] () -- C:\Users\Silke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.03.21 22:53:30 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI

[2007.03.15 22:16:48 | 000,000,000 | ---- | C] () -- C:\Users\Silke\AppData\Roaming\Default.PLS

[2007.03.07 09:49:25 | 000,000,000 | ---- | C] () -- C:\Users\Silke\AppData\Roaming\wklnhst.dat

[2007.01.13 04:42:16 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys

[2007.01.13 04:00:52 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007.01.13 02:35:37 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007.01.13 01:13:48 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2007.01.11 17:34:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll

[2007.01.11 17:34:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll

[2007.01.11 17:34:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll

[2007.01.10 14:15:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007.01.10 14:15:55 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

[2007.01.10 14:15:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,331,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.09.20 08:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini

[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

 
 ========== LOP Check ==========

 

[2007.11.15 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\AD ON Multimedia

[2011.06.30 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\BOM

[2010.03.01 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Canneverbe Limited

[2010.08.07 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\CheckPoint

[2008.02.26 22:49:12 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\CoSoSys

[2009.03.26 12:24:53 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\FileMaker

[2010.05.09 23:32:11 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\FinalMediaPlayer

[2009.07.08 08:57:51 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Foxit

[2009.01.11 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\IrfanView

[2011.02.17 23:03:29 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Mslink

[2008.04.01 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\TuneUp Software

[2010.08.07 11:05:23 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Uniblue

[2011.09.05 18:38:38 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.09.05 19:15:30 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F3777C8F-AD7E-4961-8497-F4897A43006C}.job

 
 ========== Purity Check ==========

 

 
 

< End of report >
--- --- ---