... so, die JRT ist durchgelaufen. ier das Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by USER on 19.05.2013 at 10:16:44,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"
~~~ Folders
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\USER\Anwendungsdaten\pricegong"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\USER\Anwendungsdaten\quickstorestoolbar"
Successfully deleted: [Folder] "C:\Programme\conduit"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.05.2013 at 10:19:57,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... AdwCleaner ist einmal durchgelaufen. Hier das Logfile vom AdwCleaner: Code:
# AdwCleaner v2.301 - Datei am 19/05/2013 um 10:27:16 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : USER - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\USER\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Dokumente und Einstellungen\USER\Startmenü\QuickStores.url
Ordner Gelöscht : C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Winload
Ordner Gelöscht : C:\Dokumente und Einstellungen\USER\Anwendungsdaten\HELPER
Ordner Gelöscht : C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Conduit
Ordner Gelöscht : C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Winload
Ordner Gelöscht : C:\Programme\Winload
Ordner Gelöscht : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Winload
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67D7FA89-9CFD-4019-8383-9F2861D4D144}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76144E73-39B3-4B7A-AB29-7976632EC42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED9F8F2F-8DF4-4F9F-88B5-F79E635FD659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{67D7FA89-9CFD-4019-8383-9F2861D4D144}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\Software\Winload
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\USER Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.15.1748.0
Datei : C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [5048 octets] - [19/05/2013 10:27:16]
########## EOF - C:\AdwCleaner[S1].txt - [5108 octets] ########## ...so, nun ist auch die OTL durchgelaufen. :-)
Hier die Extras.txt: Code:
OTL logfile created on: 19.05.2013 10:43:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 38,99% Memory free
2,58 Gb Paging File | 1,47 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 1,67 Gb Free Space | 4,28% Space Free | Partition Type: FAT32
Drive E: | 426,69 Gb Total Space | 178,58 Gb Free Space | 41,85% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
PRC - C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.exe (KONICA MINOLTA)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\SYSTEM (F)\Programme\Eraser\Eraser.exe (The Eraser Project)
PRC - E:\DATEN\Privat\xxx\Tools\trbackup\traybackup.exe ((C) Michael Schiel)
PRC - C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (PFU Limited.)
PRC - C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\system32\o2flash.exe ()
PRC - C:\Programme\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY2000.EXE (Fred's Software)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\88856f5f657eaa34828421b355a5fd76\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\03a2c7d0e26886bf966276d441290257\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\921404b7803bda0cb1cba2ee458e4c9f\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\0268fc0c7a4db1850c1c6ba33d980b29\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\56734db07bf2cb287a5f0cf662cc32ef\System.Core.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\596a69ff169802c3d6ba5972eb438bd8\Kies.Theme.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a37ec43c4eb1688817450e43c9f27e0\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7e9340a60d502630db1e4933ec40e725\Kies.Locale.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\713f01a9f055f22f7c1ee148e5373922\Kies.MVVM.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\81c0ff81b2ad570ee85d6cd7ce751bba\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\779a065e9d217d3a3aeeb354f9fce387\ASF_cSharpAPI.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1818a0dcd8e00ef24981eb52acf3f6bd\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - c:\Programme\Adobe\Acrobat 9.0\Acrobat\ExLang32.DEU ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\updater.DEU ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\sqlite.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\PfuSsPCapPI\PfuSsPCapPI.api ()
MOD - C:\Programme\PFU\ScanSnap\Driver\f5bdkedr.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\PfuUpdater0407.dll ()
MOD - C:\WINDOWS\system32\o2flash.exe ()
MOD - C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardPath.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\PfuUpdater.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\SSSecurity\SSSecurity.api ()
MOD - C:\Programme\PFU\ScanSnap\Driver\ssIplA6.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\ssIpl.dll ()
MOD - C:\WINDOWS\system32\NavLogon.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\F5BDKAKU.DLL ()
========== Services (SafeList) ==========
SRV - (HitmanPro37CrusaderBoot) -- F:\HitmanPro.exe /crusader:boot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SageDeploymentService) -- C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Norton AntiVirus Server) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\USER\LOKALE~1\Temp\catchme.sys File not found
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BtnHnd) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2 Micro )
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (NAVAPEL) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bmw-werk-leipzig.de/leipzig/deutsch/lowband/com/de/index.html
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2013.02.19 10:35:04 | 000,445,731 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15308 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Reminder] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [KM Status] C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.EXE (KONICA MINOLTA)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Programme\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe File not found
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [Eraser] E:\SYSTEM (F)\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [muzA1.tmp] C:\WINDOWS\system32\muzA1.tmp File not found
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [TrayBackup] E:\DATEN\Privat\xxx\Tools\trbackup\traybackup.exe ((C) Michael Schiel)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe (PFU LIMITED)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (PFU Limited.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY2000.EXE (Fred's Software)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: fbzibzqxchzrqlbvoknbTaskMgr = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243358402406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243358478187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{643E8F02-9F96-4F2F-945D-E84FFAF59306}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB2C0958-3975-4EAD-B1EE-9EFEA56EA2C2}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\fa_1024d.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\fa_1024d.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.26 17:48:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.19 10:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.05.19 10:16:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.19 10:13:58 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\USER\Desktop\JRT.exe
[2013.05.18 09:06:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump
[2013.05.11 08:31:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\USER\Desktop\tdsskiller.exe
[2013.05.08 11:29:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\USER\Desktop\aswMBR.exe
[2013.05.08 09:31:34 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013.05.08 09:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\mbar
[2013.05.08 09:05:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.07 23:23:52 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2013.05.07 23:03:48 | 005,066,874 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2013.05.07 22:52:18 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2013.05.07 17:56:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.07 17:54:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.07 17:54:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.07 17:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.07 17:54:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.07 17:54:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.07 17:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.07 14:12:30 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2013.05.07 13:29:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2013.05.07 13:15:03 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.07 12:42:42 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2013.05.07 12:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.07 12:16:54 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2013.04.28 09:25:18 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2009.10.09 21:59:17 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Comdlg32.ocx
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.19 10:40:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2013.05.19 10:36:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.19 10:32:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.19 10:29:36 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7ecefeefde4.job
[2013.05.19 10:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.19 10:26:10 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\adwcleaner.exe
[2013.05.19 10:14:02 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\USER\Desktop\JRT.exe
[2013.05.18 13:55:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 11:26:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.17 08:27:54 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.16 13:28:14 | 000,594,302 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.16 13:28:14 | 000,569,272 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.16 13:28:14 | 000,131,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.16 13:28:14 | 000,114,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.16 12:55:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.16 12:38:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.16 12:38:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.15 13:39:52 | 000,014,124 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\TerminKFZ.pdf
[2013.05.14 22:07:00 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\MBR.dat
[2013.05.14 21:49:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\USER\Desktop\aswMBR.exe
[2013.05.12 10:17:14 | 000,000,716 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013.05.11 08:31:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\USER\Desktop\tdsskiller.exe
[2013.05.10 15:15:44 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2013.05.10 14:46:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.05.08 13:55:18 | 000,007,422 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\fehler.gif
[2013.05.08 09:02:18 | 005,066,874 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2013.05.07 17:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.05.07 14:57:44 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.07 13:28:36 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\defogger_reenable
[2013.05.07 13:27:44 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Defogger.exe
[2013.05.07 13:15:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.07 13:15:04 | 000,001,062 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013.05.07 13:14:44 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.pad
[2013.05.07 09:41:24 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlvh.pad
[2013.05.07 09:40:50 | 000,003,036 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.js
[2013.05.07 06:27:18 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.04.28 09:25:40 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\20101002_210700_USER.job
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.19 10:25:50 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\adwcleaner.exe
[2013.05.15 13:39:51 | 000,014,124 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\TerminKFZ.pdf
[2013.05.14 22:06:58 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\MBR.dat
[2013.05.08 13:55:17 | 000,007,422 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\fehler.gif
[2013.05.07 17:56:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.05.07 17:56:31 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.05.07 17:54:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.07 17:54:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.07 17:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.07 17:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.07 17:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.07 14:57:42 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.07 13:28:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\defogger_reenable
[2013.05.07 13:27:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Defogger.exe
[2013.05.07 13:15:03 | 000,001,062 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013.05.07 09:40:49 | 000,003,036 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.js
[2013.05.07 09:40:43 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlvh.pad
[2013.05.07 09:40:30 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.pad
[2013.03.04 23:32:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.03.04 23:32:51 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.19 11:19:47 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013.01.30 23:29:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.01.29 14:15:14 | 000,621,664 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1303643608-682003330-1004-0.dat
[2013.01.29 14:15:14 | 000,228,810 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.07.30 14:16:20 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.02.17 06:35:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.03.29 11:52:05 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.06.28 20:02:44 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.26 22:56:10 | 000,000,087 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\default.pls
[2009.05.26 18:02:16 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2009.05.26 17:50:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:03:14 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009.09.22 21:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.10.05 17:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.03.11 13:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.10.11 16:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.29 13:41:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2013.02.26 14:12:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ancestry.com
[2013.05.07 12:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.08.31 16:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2009.05.27 07:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\InterVideo
[2009.06.16 20:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Opera
[2009.06.30 20:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Kingston
[2009.07.04 14:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\FileZilla
[2009.08.25 20:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\PFU
[2009.08.25 20:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Fujitsu
[2009.10.05 17:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Ulead Systems
[2009.10.09 21:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\WinRail 7.0 Demo
[2009.10.16 19:14:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\phonostar GmbH
[2011.04.07 20:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\tidysongs16
[2011.04.15 10:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Fotobuchexpress24
[2011.12.29 14:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\s+p Software und Consulting AG
[2011.12.30 20:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Sage HR Solutions AG
[2012.01.22 21:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\GetRightToGo
[2012.02.19 18:19:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\iSpy
[2012.09.26 17:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox
[2013.01.29 13:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Samsung
[2013.02.26 14:25:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\KeyingTool
========== Purity Check ==========
< End of report > Und nun die OTL.txt: Code:
OTL logfile created on: 19.05.2013 10:43:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 38,99% Memory free
2,58 Gb Paging File | 1,47 Gb Available in Paging File | 57,16% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 1,67 Gb Free Space | 4,28% Space Free | Partition Type: FAT32
Drive E: | 426,69 Gb Total Space | 178,58 Gb Free Space | 41,85% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
PRC - C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.exe (KONICA MINOLTA)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\SYSTEM (F)\Programme\Eraser\Eraser.exe (The Eraser Project)
PRC - E:\DATEN\Privat\xxx\Tools\trbackup\traybackup.exe ((C) Michael Schiel)
PRC - C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (PFU Limited.)
PRC - C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\system32\o2flash.exe ()
PRC - C:\Programme\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY2000.EXE (Fred's Software)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\88856f5f657eaa34828421b355a5fd76\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\03a2c7d0e26886bf966276d441290257\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\921404b7803bda0cb1cba2ee458e4c9f\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\0268fc0c7a4db1850c1c6ba33d980b29\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\56734db07bf2cb287a5f0cf662cc32ef\System.Core.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\596a69ff169802c3d6ba5972eb438bd8\Kies.Theme.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a37ec43c4eb1688817450e43c9f27e0\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7e9340a60d502630db1e4933ec40e725\Kies.Locale.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\713f01a9f055f22f7c1ee148e5373922\Kies.MVVM.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\81c0ff81b2ad570ee85d6cd7ce751bba\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\779a065e9d217d3a3aeeb354f9fce387\ASF_cSharpAPI.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1818a0dcd8e00ef24981eb52acf3f6bd\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - c:\Programme\Adobe\Acrobat 9.0\Acrobat\ExLang32.DEU ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\updater.DEU ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\sqlite.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\PfuSsPCapPI\PfuSsPCapPI.api ()
MOD - C:\Programme\PFU\ScanSnap\Driver\f5bdkedr.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\PfuUpdater0407.dll ()
MOD - C:\WINDOWS\system32\o2flash.exe ()
MOD - C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardPath.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\PfuUpdater.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\SSSecurity\SSSecurity.api ()
MOD - C:\Programme\PFU\ScanSnap\Driver\ssIplA6.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\ssIpl.dll ()
MOD - C:\WINDOWS\system32\NavLogon.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll ()
MOD - C:\Programme\PFU\ScanSnap\Driver\F5BDKAKU.DLL ()
========== Services (SafeList) ==========
SRV - (HitmanPro37CrusaderBoot) -- F:\HitmanPro.exe /crusader:boot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SageDeploymentService) -- C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe (Sage Software)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Norton AntiVirus Server) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\USER\LOKALE~1\Temp\catchme.sys File not found
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BtnHnd) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2 Micro )
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (NAVAPEL) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- C:\Programme\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bmw-werk-leipzig.de/leipzig/deutsch/lowband/com/de/index.html
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2013.02.19 10:35:04 | 000,445,731 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15308 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Reminder] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [KM Status] C:\Programme\KONICA MINOLTA\Status Monitor\KMSM.EXE (KONICA MINOLTA)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Programme\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe File not found
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [Eraser] E:\SYSTEM (F)\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [muzA1.tmp] C:\WINDOWS\system32\muzA1.tmp File not found
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004..\Run: [TrayBackup] E:\DATEN\Privat\xxx\Tools\trbackup\traybackup.exe ((C) Michael Schiel)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe (PFU LIMITED)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (PFU Limited.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PRINTKEY2000.EXE (Fred's Software)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: fbzibzqxchzrqlbvoknbTaskMgr = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243358402406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243358478187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{643E8F02-9F96-4F2F-945D-E84FFAF59306}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB2C0958-3975-4EAD-B1EE-9EFEA56EA2C2}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\fa_1024d.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\fa_1024d.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.26 17:48:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.19 10:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.05.19 10:16:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.19 10:13:58 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\USER\Desktop\JRT.exe
[2013.05.18 09:06:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump
[2013.05.11 08:31:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\USER\Desktop\tdsskiller.exe
[2013.05.08 11:29:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\USER\Desktop\aswMBR.exe
[2013.05.08 09:31:34 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013.05.08 09:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\mbar
[2013.05.08 09:05:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.07 23:23:52 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2013.05.07 23:03:48 | 005,066,874 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2013.05.07 22:52:18 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2013.05.07 17:56:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.07 17:54:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.07 17:54:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.07 17:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.07 17:54:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.07 17:54:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.07 17:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.07 14:12:30 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2013.05.07 13:29:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2013.05.07 13:15:03 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.07 12:42:42 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2013.05.07 12:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.07 12:16:54 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2013.04.28 09:25:18 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2009.10.09 21:59:17 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Comdlg32.ocx
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.19 10:40:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2013.05.19 10:36:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.19 10:32:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.19 10:29:36 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7ecefeefde4.job
[2013.05.19 10:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.19 10:26:10 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\adwcleaner.exe
[2013.05.19 10:14:02 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\USER\Desktop\JRT.exe
[2013.05.18 13:55:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 11:26:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.17 08:27:54 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.16 13:28:14 | 000,594,302 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.16 13:28:14 | 000,569,272 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.16 13:28:14 | 000,131,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.16 13:28:14 | 000,114,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.16 12:55:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.16 12:38:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.16 12:38:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.15 13:39:52 | 000,014,124 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\TerminKFZ.pdf
[2013.05.14 22:07:00 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\MBR.dat
[2013.05.14 21:49:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\USER\Desktop\aswMBR.exe
[2013.05.12 10:17:14 | 000,000,716 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2013.05.11 08:31:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\USER\Desktop\tdsskiller.exe
[2013.05.10 15:15:44 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2013.05.10 14:46:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.05.08 13:55:18 | 000,007,422 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\fehler.gif
[2013.05.08 09:02:18 | 005,066,874 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2013.05.07 17:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.05.07 14:57:44 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.07 13:28:36 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\defogger_reenable
[2013.05.07 13:27:44 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\Defogger.exe
[2013.05.07 13:15:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.07 13:15:04 | 000,001,062 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013.05.07 13:14:44 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.pad
[2013.05.07 09:41:24 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlvh.pad
[2013.05.07 09:40:50 | 000,003,036 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.js
[2013.05.07 06:27:18 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.04.28 09:25:40 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\20101002_210700_USER.job
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.19 10:25:50 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\adwcleaner.exe
[2013.05.15 13:39:51 | 000,014,124 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\TerminKFZ.pdf
[2013.05.14 22:06:58 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\MBR.dat
[2013.05.08 13:55:17 | 000,007,422 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\fehler.gif
[2013.05.07 17:56:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.05.07 17:56:31 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.05.07 17:54:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.07 17:54:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.07 17:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.07 17:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.07 17:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.07 14:57:42 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.07 13:28:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\defogger_reenable
[2013.05.07 13:27:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\Defogger.exe
[2013.05.07 13:15:03 | 000,001,062 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013.05.07 09:40:49 | 000,003,036 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.js
[2013.05.07 09:40:43 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlvh.pad
[2013.05.07 09:40:30 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7aotf.pad
[2013.03.04 23:32:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013.03.04 23:32:51 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013.02.19 11:19:47 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013.01.30 23:29:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.01.29 14:15:14 | 000,621,664 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1303643608-682003330-1004-0.dat
[2013.01.29 14:15:14 | 000,228,810 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.07.30 14:16:20 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.02.17 06:35:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.03.29 11:52:05 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.06.28 20:02:44 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.26 22:56:10 | 000,000,087 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\default.pls
[2009.05.26 18:02:16 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2009.05.26 17:50:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:03:14 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009.09.22 21:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.10.05 17:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.03.11 13:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.10.11 16:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.29 13:41:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2013.02.26 14:12:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ancestry.com
[2013.05.07 12:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.08.31 16:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2009.05.27 07:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\InterVideo
[2009.06.16 20:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Opera
[2009.06.30 20:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Kingston
[2009.07.04 14:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\FileZilla
[2009.08.25 20:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\PFU
[2009.08.25 20:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Fujitsu
[2009.10.05 17:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Ulead Systems
[2009.10.09 21:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\WinRail 7.0 Demo
[2009.10.16 19:14:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\phonostar GmbH
[2011.04.07 20:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\tidysongs16
[2011.04.15 10:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Fotobuchexpress24
[2011.12.29 14:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\s+p Software und Consulting AG
[2011.12.30 20:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Sage HR Solutions AG
[2012.01.22 21:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\GetRightToGo
[2012.02.19 18:19:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\iSpy
[2012.09.26 17:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Dropbox
[2013.01.29 13:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Samsung
[2013.02.26 14:25:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\KeyingTool
========== Purity Check ==========
< End of report > Schöne Pfingsten! |