Trojaner-Board - System Fix Virus auf Win7 64 Bit

Danke für den Tip, hat so weit mal funktioniert.

Hier die Ergebnisse:

Extras:OTL Logfile:

Code:

OTL Extras logfile created on: 16.11.2011 21:58:06 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = G:\

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

5,98 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 84,13% Memory free

11,96 Gb Paging File | 11,02 Gb Available in Paging File | 92,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,41 Gb Total Space | 834,54 Gb Free Space | 89,60% Space Free | Partition Type: NTFS

Drive F: | 1397,26 Gb Total Space | 1104,73 Gb Free Space | 79,06% Space Free | Partition Type: NTFS

Drive G: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT

 

Computer Name: JOERG | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}" = FRITZ!Fernzugang

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support

"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack

"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON SX620FW Series" = EPSON SX620FW Series Printer Uninstall

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1

"Microsoft Security Client" = Microsoft Security Essentials

"Pen Tablet Driver" = Bamboo

"WinRAR archiver" = WinRAR 4.01 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26

"{292A9286-58C7-11D4-9882-005004EDBBBD}" = HiPath 3000 Manager C  68.50.555.0

"{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1" = F-Editor

"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4736607E-57BF-11D4-9881-005004EDBBBD}" = HiPath 3000 Manager E  68.50.850.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 3.9.6

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{65421D16-36C3-4081-95D9-AF4475676015}" = MUSIPHONE Jukebox 2.0.20 (Deutsch)

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F7E9471-BDEB-4BA2-9DD1-749CDAB4DA70}" = Artcut Software

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = MODEM Mobiler Anschluss

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch

"{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3

"artcut german version" = artcut german version

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"BabylonToolbar" = Babylon toolbar on IE

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Colorizer3" = Colorizer3 1.0

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON SX620FW Series Manual" = EPSON SX620FW Series Handbuch

"EPSON SX620FW Series Network Guide" = EPSON SX620FW Series Netzwerk-Handbuch

"FileZilla Client" = FileZilla Client 3.5.1

"Google Chrome" = Google Chrome

"GSiteCrawler" = GSiteCrawler

"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"Memory Manager_is1" = Memory Manager 2.07

"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)

"Nmap" = Nmap 5.51

"Notepad++" = Notepad++

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.SingleImage" = Microsoft Office Home and Business 2010

"Protect Disc License Helper" = Protect Disc License Helper 1.0.118

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"SchnapperPro" = SchnapperPro 2.0.72

"TAPPS DE_is1" = TAPPS 1.25 DE

"TeamViewer 6" = TeamViewer 6

"Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"Winsol_is1" = Winsol 1.22

"Wireshark" = Wireshark 1.6.3

"xHamster Video Downloader_is1" = xHamster Video Downloader 3.23

"XMedia Recode" = XMedia Recode 3.0.2.5

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FoxTab Music Converter" = FoxTab Music Converter

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 10.11.2011 19:30:11 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842827

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-

 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"

 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

 

Error - 10.11.2011 19:31:17 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842824

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft

 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program

 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element

 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements

 angezeigt, das von dieser Windows-Version nicht unterstützt wird.

 

Error - 10.11.2011 19:32:11 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\modem mobiler anschluss\DELZIP179.DLL". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\modem mobiler anschluss\DELZIP179.DLL" in Zeile 8.  Der Wert

 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 11.11.2011 13:39:12 | Computer Name = JOERG.immorat.local | Source = Bonjour Service | ID = 100

Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 11.11.2011 13:39:12 | Computer Name = JOERG.immorat.local | Source = Bonjour Service | ID = 100

Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 11.11.2011 13:39:12 | Computer Name = JOERG.immorat.local | Source = Bonjour Service | ID = 100

Description = 460: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde

 vom Remotehost geschlossen.)

 

Error - 11.11.2011 18:41:04 | Computer Name = JOERG.immorat.local | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Ass_150e.exe, Version: 68.50.850.0,

 Zeitstempel: 0x4e1c1ad6  Name des fehlerhaften Moduls: TCOMM32.DLL_unloaded, Version:

 0.0.0.0, Zeitstempel: 0x4e1c1ae5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6455b844

ID

 des fehlerhaften Prozesses: 0x14dc  Startzeit der fehlerhaften Anwendung: 0x01cca0a6dc2ff910

Pfad

 der fehlerhaften Anwendung: C:\Program Files (x86)\Siemens\HiPath 3000 Manager 

E\Ass_150e.exe  Pfad des fehlerhaften Moduls: TCOMM32.DLL  Berichtskennung: 3ca94139-0cb6-11e1-a071-f46d04214138

 

Error - 11.11.2011 23:28:36 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842827

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-

 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"

 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

 

Error - 11.11.2011 23:30:00 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842824

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft

 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program

 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element

 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements

 angezeigt, das von dieser Windows-Version nicht unterstützt wird.

 

Error - 11.11.2011 23:31:22 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\modem mobiler anschluss\DELZIP179.DLL". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\modem mobiler anschluss\DELZIP179.DLL" in Zeile 8.  Der Wert

 "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

 

[ Media Center Events ]

Error - 10.09.2011 01:14:28 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 07:14:28 - Fehler beim Herstellen der Internetverbindung.  07:14:28 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.09.2011 01:14:49 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 07:14:48 - Fehler beim Herstellen der Internetverbindung.  07:14:48 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.09.2011 02:15:20 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 08:15:20 - Fehler beim Herstellen der Internetverbindung.  08:15:20 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.09.2011 02:15:42 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 08:15:41 - Fehler beim Herstellen der Internetverbindung.  08:15:41 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13.11.2011 22:25:58 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 03:25:56 - Fehler beim Herstellen der Internetverbindung.  03:25:56 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13.11.2011 23:26:41 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 04:26:40 - Fehler beim Herstellen der Internetverbindung.  04:26:40 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 14.11.2011 00:27:25 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 05:27:24 - Fehler beim Herstellen der Internetverbindung.  05:27:24 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 14.11.2011 01:28:08 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 06:28:08 - Fehler beim Herstellen der Internetverbindung.  06:28:08 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 14.11.2011 01:28:38 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0

Description = 06:28:37 - Fehler beim Herstellen der Internetverbindung.  06:28:37 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ System Events ]

Error - 16.11.2011 16:56:34 | Computer Name = JOERG.immorat.local | Source = DCOM | ID = 10005

Description = 

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = DCOM | ID = 10005

Description = 

 

Error - 16.11.2011 16:56:34 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:34 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

 

< End of report >

--- --- ---

OTL:OTL Logfile:

Code:

OTL logfile created on: 16.11.2011 21:58:06 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = G:\

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

5,98 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 84,13% Memory free

11,96 Gb Paging File | 11,02 Gb Available in Paging File | 92,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,41 Gb Total Space | 834,54 Gb Free Space | 89,60% Space Free | Partition Type: NTFS

Drive F: | 1397,26 Gb Total Space | 1104,73 Gb Free Space | 79,06% Space Free | Partition Type: NTFS

Drive G: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT

 

Computer Name: JOERG | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - G:\OTL.exe (OldTimer Tools)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)

SRV:64bit: - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)

SRV:64bit: - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)

SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)

SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (ABBYY.Licensing.FineReader.Corporate.10.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)

SRV - (SchnapperPro-TimeSync) -- C:\Program Files (x86)\SchnapperPro\TimeSync.exe (Schnapper-Software  Robert Beer)

SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)

DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)

DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)

DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin)

DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Amazon.de"

FF - prefs.js..browser.startup.homepage: "www.google.at"

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=22af5e55000000000000f46d04214138&tlver=1.4.35.10&affID=100474"

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.06.07 17:36:13 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.09.28 18:09:11 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.11 18:44:26 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.11 18:44:26 | 000,000,000 | -H-D | M]

 

[2011.06.08 20:49:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\administrator\AppData\Roaming\mozilla\Extensions

[2011.11.07 15:57:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\administrator\AppData\Roaming\mozilla\Firefox\Profiles\ya02zq6u.default\extensions

[2011.10.04 15:26:37 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Users\administrator\AppData\Roaming\mozilla\Firefox\Profiles\ya02zq6u.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

[2011.11.10 06:40:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.10.21 06:57:45 | 000,000,000 | -H-D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA02ZQ6U.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

[2011.11.10 06:40:31 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.06.28 18:41:56 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2008.02.22 16:24:06 | 000,095,832 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll

[2011.11.10 06:40:29 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.29 19:51:19 | 000,002,288 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2011.11.10 06:40:29 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.11.10 06:40:29 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.10 06:40:29 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.10 06:40:29 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.10 06:40:29 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Skype Click to Call = C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

 

O1 HOSTS File: ([2011.11.12 12:28:55 | 000,003,155 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 3dns.adobe.com

O1 - Hosts: 127.0.0.1 3dns-1.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-4.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com

O1 - Hosts: 127.0.0.1 hh-software.com

O1 - Hosts: 51 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [IoWwDnqsYPU.exe] C:\ProgramData\IoWwDnqsYPU.exe (Rcvr Inc)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [SchnapperPro] C:\Program Files (x86)\SchnapperPro\SchnapperPro.exe (Schnapper-Software  Robert Beer)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found

O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found

O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = immorat.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B2F73B6-573C-4960-84BD-83601550168E}: NameServer = 192.168.1.10

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.07.10 03:16:15 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]

O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{d07911e4-e39e-11e0-aca7-f46d04214138}\Shell - "" = AutoRun

O33 - MountPoints2\{d07911e4-e39e-11e0-aca7-f46d04214138}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.16 19:50:40 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{CD6466BC-B2BF-4F80-8655-D70F49EF1E27}

[2011.11.16 19:18:48 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

[2011.11.16 19:18:14 | 000,380,928 | -H-- | C] (Rcvr Inc) -- C:\ProgramData\W1SWdm8eagvp0l.exe

[2011.11.16 19:18:00 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{C048F634-FE41-4061-A4CC-2EBD7AD1F01B}

[2011.11.16 19:08:40 | 000,491,520 | -H-- | C] (Rcvr Inc) -- C:\ProgramData\IoWwDnqsYPU.exe

[2011.11.13 02:00:14 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{F37E2F6D-6CFE-4413-817F-2D9C959DD0FD}

[2011.11.13 02:00:01 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{C9124E5A-E162-4F0E-A078-53D983518873}

[2011.11.11 18:44:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011.11.11 18:44:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\QuickTime

[2011.11.11 18:42:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.11.11 18:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes

[2011.11.11 18:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\iTunes

[2011.11.11 18:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod

[2011.11.11 18:39:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour

[2011.11.11 18:39:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour

[2011.11.11 18:39:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.11.10 16:43:42 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Wireshark

[2011.11.10 16:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

[2011.11.10 16:24:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Wireshark

[2011.11.10 06:40:11 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{48E55336-7A5B-481F-9383-D3FD30FFD04D}

[2011.11.10 06:39:33 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{095D82DB-BEC3-406C-876F-115A68A07165}

[2011.11.08 07:15:15 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{2E7D2F8E-25B3-4472-B247-BDEB8BAAA8DC}

[2011.11.08 07:15:04 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{E21CDBF6-36D3-4E14-8EBF-7FB4820FF64D}

[2011.11.07 19:14:50 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{A6A1FB46-123F-4926-BFF4-A38498332A6C}

[2011.11.07 19:14:14 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{D4CE9191-B8E9-4BD8-871B-70B0694A7A66}

[2011.11.05 03:01:00 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\AVM

[2011.11.05 03:00:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FRITZ!Fernzugang einrichten

[2011.11.05 02:50:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{12FB51E1-0967-4C61-93F6-2638ECD08DD1}

[2011.11.05 02:49:47 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{51425D9D-6C4F-4C88-B57E-E7FC3D011E95}

[2011.11.05 01:28:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVM

[2011.11.05 01:26:09 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang

[2011.11.05 01:26:09 | 000,000,000 | -H-D | C] -- C:\Program Files\FRITZ!Fernzugang

[2011.11.05 01:25:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2011.11.04 22:21:12 | 000,000,000 | -H-D | C] -- C:\Users\administrator\.zenmap

[2011.11.04 22:20:39 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap

[2011.11.04 22:20:25 | 000,000,000 | -H-D | C] -- C:\Program Files\WinPcap

[2011.11.04 22:19:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Nmap

[2011.11.04 22:07:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner

[2011.11.04 22:07:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner

[2011.11.04 22:06:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Advanced Port Scanner

[2011.11.04 19:39:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NinjaLite

[2011.11.04 19:39:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NinjaLite

[2011.10.30 21:49:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musiphone

[2011.10.30 21:49:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Musiphone

[2011.10.30 21:48:22 | 000,000,000 | -H-D | C] -- C:\Windows\Downloaded Installations

[2011.10.30 17:40:59 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\SchnapperPro

[2011.10.30 17:40:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SchnapperPro

[2011.10.30 17:40:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\SchnapperPro

[2011.10.29 19:51:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\BabylonToolbar

[2011.10.29 19:51:19 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Music Converter

[2011.10.29 19:51:19 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\Babylon

[2011.10.29 19:51:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FoxTabMusicConverter

[2011.10.29 19:51:18 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Babylon

[2011.10.29 19:51:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon

[2011.10.28 18:19:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

[2011.10.27 20:31:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Audacity

[2011.10.27 20:30:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

[2011.10.27 20:15:15 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\COWON

[2011.10.27 20:13:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\COWON

[2011.10.27 20:13:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio

[2011.10.27 20:13:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\JetAudio

[2011.10.27 20:12:46 | 039,688,475 | -H-- | C] (Acresso Software Inc.                                        ) -- C:\Users\administrator\Desktop\JAD8016_BASIC.exe

[2011.10.27 19:56:54 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ

[2011.10.27 19:56:50 | 000,000,000 | -H-D | C] -- C:\Users\administrator\Documents\VirtualDJ

[2011.10.27 19:56:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\VirtualDJ

[2011.10.27 19:55:43 | 036,608,000 | -H-- | C] (Microsoft Corporation) -- C:\Users\administrator\Desktop\install_virtualdj_home_v7.0.5.exe

[2011.10.24 14:29:02 | 000,094,208 | -H-- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx

[2011.10.24 14:29:02 | 000,069,632 | -H-- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts

[2011.10.21 15:01:46 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\License Management Information

[2011.10.21 06:57:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011.10.20 20:23:11 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{7DE06807-ED72-4C11-9493-83D5AF8CB5DB}

[2011.10.20 20:22:35 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{B57E6B1D-6282-4B76-8FBC-CE6173D0072B}

[2011.10.20 20:08:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiPath 3000 Manager C

[2011.10.20 19:38:29 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Siemens

[2011.10.20 19:38:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiPath 3000 Manager E

[2011.10.20 19:37:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Siemens AG

[2011.10.20 19:37:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Siemens

[2011.10.20 19:35:06 | 000,092,160 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys

[2011.10.20 19:28:37 | 000,035,892 | -H-- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys

[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.16 22:02:23 | 001,513,870 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.11.16 22:02:23 | 000,659,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.11.16 22:02:23 | 000,621,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.11.16 22:02:23 | 000,132,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.11.16 22:02:23 | 000,108,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.11.16 21:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.16 21:55:35 | 522,137,599 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.16 19:54:43 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.16 19:54:43 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.16 19:47:25 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\SchnapperPro-Weckdienst [Administrator].job

[2011.11.16 19:20:30 | 000,000,456 | -H-- | M] () -- C:\ProgramData\W1SWdm8eagvp0l

[2011.11.16 19:18:48 | 000,000,682 | -H-- | M] () -- C:\Users\administrator\Desktop\System Fix.lnk

[2011.11.16 19:18:14 | 000,380,928 | -H-- | M] (Rcvr Inc) -- C:\ProgramData\W1SWdm8eagvp0l.exe

[2011.11.16 19:11:48 | 000,002,002 | -H-- | M] () -- C:\Users\administrator\Documents\Default.rdp

[2011.11.16 19:05:15 | 000,491,520 | -H-- | M] (Rcvr Inc) -- C:\ProgramData\IoWwDnqsYPU.exe

[2011.11.12 12:28:55 | 000,003,155 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella

[2011.11.12 12:28:55 | 000,003,155 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011.11.11 20:26:20 | 000,155,862 | -H-- | M] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2026_sipgate.export

[2011.11.11 20:20:23 | 000,000,057 | -H-- | M] () -- C:\Windows\TCOMM32.INI

[2011.11.11 20:01:52 | 000,155,778 | -H-- | M] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2002.export

[2011.11.10 20:48:03 | 000,015,973 | -H-- | M] () -- C:\Users\administrator\Desktop\319219_298472610171216_100000254374269_1100091_1903881395_n.jpg

[2011.11.10 03:21:43 | 005,072,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.11.04 22:20:39 | 000,000,996 | -H-- | M] () -- C:\Users\administrator\Desktop\Nmap - Zenmap GUI.lnk

[2011.11.04 19:39:48 | 000,001,988 | -H-- | M] () -- C:\Users\administrator\Desktop\NinjaLite.lnk

[2011.11.03 00:33:11 | 000,018,576 | -H-- | M] () -- C:\arc_noHA.arc

[2011.11.03 00:33:11 | 000,018,576 | -H-- | M] () -- C:\arc_HAED.arc

[2011.11.03 00:33:11 | 000,000,248 | -H-- | M] () -- C:\startarc.arc

[2011.10.29 19:51:19 | 000,001,156 | -H-- | M] () -- C:\Users\administrator\Desktop\FoxTab Music Converter.lnk

[2011.10.27 20:30:43 | 000,001,177 | -H-- | M] () -- C:\Users\administrator\Desktop\Audacity 1.3 Beta (Unicode).lnk

[2011.10.27 20:13:01 | 039,688,475 | -H-- | M] (Acresso Software Inc.                                        ) -- C:\Users\administrator\Desktop\JAD8016_BASIC.exe

[2011.10.27 19:56:56 | 000,001,079 | -H-- | M] () -- C:\Users\administrator\Desktop\VirtualDJ Home FREE.lnk

[2011.10.27 19:55:56 | 036,608,000 | -H-- | M] (Microsoft Corporation) -- C:\Users\administrator\Desktop\install_virtualdj_home_v7.0.5.exe

[2011.10.26 09:16:06 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\000014A1.LCS

[2011.10.24 14:29:02 | 000,094,208 | -H-- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx

[2011.10.24 14:29:02 | 000,069,632 | -H-- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts

[2011.10.20 20:22:11 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011.10.20 20:08:15 | 000,015,617 | -H-- | M] () -- C:\Windows\ASS_150E.INI

[2011.10.20 19:38:01 | 000,015,617 | -H-- | M] () -- C:\Windows\ASS_150E.OLD

 
 ========== Files Created - No Company Name ==========

 

[2011.11.16 19:18:48 | 000,000,682 | -H-- | C] () -- C:\Users\administrator\Desktop\System Fix.lnk

[2011.11.16 19:18:43 | 000,000,456 | -H-- | C] () -- C:\ProgramData\W1SWdm8eagvp0l

[2011.11.16 10:21:04 | 000,000,454 | -H-- | C] () -- C:\Windows\tasks\SchnapperPro-Weckdienst [Administrator].job

[2011.11.11 20:26:19 | 000,155,862 | -H-- | C] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2026_sipgate.export

[2011.11.11 20:01:51 | 000,155,778 | -H-- | C] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2002.export

[2011.11.10 20:48:02 | 000,015,973 | -H-- | C] () -- C:\Users\administrator\Desktop\319219_298472610171216_100000254374269_1100091_1903881395_n.jpg

[2011.11.04 22:20:39 | 000,000,996 | -H-- | C] () -- C:\Users\administrator\Desktop\Nmap - Zenmap GUI.lnk

[2011.11.04 19:39:48 | 000,001,988 | -H-- | C] () -- C:\Users\administrator\Desktop\NinjaLite.lnk

[2011.11.03 00:33:11 | 000,018,576 | -H-- | C] () -- C:\arc_noHA.arc

[2011.11.03 00:33:11 | 000,018,576 | -H-- | C] () -- C:\arc_HAED.arc

[2011.11.03 00:33:11 | 000,000,248 | -H-- | C] () -- C:\startarc.arc

[2011.10.29 19:51:19 | 000,001,156 | -H-- | C] () -- C:\Users\administrator\Desktop\FoxTab Music Converter.lnk

[2011.10.27 20:30:43 | 000,001,177 | -H-- | C] () -- C:\Users\administrator\Desktop\Audacity 1.3 Beta (Unicode).lnk

[2011.10.27 19:56:56 | 000,001,079 | -H-- | C] () -- C:\Users\administrator\Desktop\VirtualDJ Home FREE.lnk

[2011.10.20 20:08:09 | 000,015,617 | -H-- | C] () -- C:\Windows\ASS_150E.OLD

[2011.10.20 19:41:30 | 000,000,057 | -H-- | C] () -- C:\Windows\TCOMM32.INI

[2011.10.20 19:38:01 | 000,015,617 | -H-- | C] () -- C:\Windows\ASS_150E.INI

[2011.10.20 19:28:37 | 000,026,719 | -H-- | C] () -- C:\Windows\SysWow64\SERSPL.VXD

[2011.10.08 12:35:20 | 000,000,132 | -H-- | C] () -- C:\Users\administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011.10.08 12:29:52 | 000,000,022 | -H-- | C] () -- C:\Windows\Artcut6.INI

[2011.10.08 12:29:47 | 000,000,512 | -H-- | C] () -- C:\Windows\SysWow64\WTCY9853.dat

[2011.09.20 17:46:24 | 002,089,984 | -H-- | C] () -- C:\Windows\SysWow64\CustomPic.dll

[2011.09.20 16:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\EEventManager.INI

[2011.09.17 10:09:21 | 000,000,132 | -H-- | C] () -- C:\Users\administrator\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011.08.28 12:02:12 | 000,001,456 | -H-- | C] () -- C:\Users\administrator\AppData\Local\Adobe Für Web speichern 12.0 Prefs

[2011.08.01 16:21:38 | 000,852,264 | -H-- | C] () -- C:\Windows\SysWow64\wodCertificate.dll

[2011.07.12 10:07:08 | 000,118,860 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.06.13 23:05:29 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini

[2011.06.09 06:15:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011.06.08 20:49:30 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat

[2011.06.06 17:59:33 | 001,538,324 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.06.06 17:28:25 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.06.03 15:47:25 | 000,036,043 | -H-- | C] () -- C:\Windows\Ascd_log.ini

[2011.06.03 15:46:19 | 000,024,500 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.06.03 15:23:09 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini

[2011.05.20 21:35:28 | 000,304,744 | -H-- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2010.06.25 18:03:12 | 000,053,299 | -H-- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009.04.02 13:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2003.04.19 16:40:44 | 000,035,328 | -H-- | C] () -- C:\Windows\SysWow64\MP3reader.dll
 

< End of report >

--- --- ---

Danke
LG
Jörg

Hallo,

hier ist das Ergebnis von Combofix:

Combofix Logfile:

Code:

ComboFix 11-11-17.03 - Administrator 17.11.2011  17:31:04.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.6125.4129 [GMT 1:00]

ausgeführt von:: c:\users\administrator\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\UNWISE.EXE

c:\users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

F:\Autorun.inf

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-17 bis 2011-11-17  ))))))))))))))))))))))))))))))

.

.

2011-11-17 16:34 . 2011-11-17 16:34        --------        d-----w-        c:\users\User\AppData\Local\temp

2011-11-17 12:16 . 2011-08-12 04:10        8862544        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E83323-9355-49D0-BE2C-3F398444760E}\mpengine.dll

2011-11-11 17:41 . 2011-11-11 17:42        --------        d--h--w-        c:\program files\iTunes

2011-11-11 17:41 . 2011-11-11 17:42        --------        d--h--w-        c:\program files (x86)\iTunes

2011-11-11 17:41 . 2011-11-11 17:41        --------        d--h--w-        c:\program files\iPod

2011-11-11 17:39 . 2011-11-11 17:39        --------        d--h--w-        c:\program files\Bonjour

2011-11-11 17:39 . 2011-11-11 17:39        --------        d--h--w-        c:\program files (x86)\Bonjour

2011-11-10 15:43 . 2011-11-10 15:43        --------        d--h--w-        c:\users\administrator\AppData\Roaming\Wireshark

2011-11-10 15:24 . 2011-11-10 15:25        --------        d--h--w-        c:\program files\Wireshark

2011-11-09 10:38 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll

2011-11-09 10:38 . 2011-10-01 04:37        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 10:38 . 2011-09-29 16:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-09 10:38 . 2011-09-29 04:03        3144704        ----a-w-        c:\windows\system32\win32k.sys

2011-11-05 02:01 . 2011-11-05 02:01        --------        d--h--w-        c:\users\administrator\AppData\Roaming\AVM

2011-11-05 02:00 . 2011-11-05 02:00        18944        ---ha-r-        c:\users\administrator\AppData\Roaming\Microsoft\Installer\{A79408B0-345D-42E8-8EB6-00597320B9E0}\Icon9E0163791.exe

2011-11-05 02:00 . 2011-11-05 02:01        --------        d--h--w-        c:\program files (x86)\FRITZ!Fernzugang einrichten

2011-11-05 00:28 . 2011-11-05 00:28        --------        d--h--w-        c:\programdata\AVM

2011-11-05 00:26 . 2011-11-05 00:28        --------        d--h--w-        c:\program files\FRITZ!Fernzugang

2011-11-05 00:26 . 2011-11-05 00:26        29184        ---ha-r-        c:\users\administrator\AppData\Roaming\Microsoft\Installer\{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}\IconA7C606DF.exe

2011-11-05 00:25 . 2011-11-05 01:59        --------        d--h--w-        c:\program files (x86)\Common Files\Wise Installation Wizard

2011-11-04 21:21 . 2011-11-04 21:21        --------        d--h--w-        c:\users\administrator\.zenmap

2011-11-04 21:20 . 2011-11-10 15:25        --------        d--h--w-        c:\program files\WinPcap

2011-11-04 21:19 . 2011-11-04 21:20        --------        d--h--w-        c:\program files (x86)\Nmap

2011-11-04 21:06 . 2011-11-04 21:07        --------        d--h--w-        c:\program files (x86)\Advanced Port Scanner

2011-11-04 18:39 . 2011-11-04 18:39        --------        d--h--w-        c:\program files (x86)\NinjaLite

2011-10-30 20:49 . 2011-10-30 20:49        --------        d--h--w-        c:\program files (x86)\Musiphone

2011-10-30 20:48 . 2011-10-30 20:48        --------        d--h--w-        c:\windows\Downloaded Installations

2011-10-30 16:40 . 2011-11-16 18:17        --------        d--h--w-        c:\users\administrator\AppData\Roaming\SchnapperPro

2011-10-30 16:40 . 2011-10-30 16:40        --------        d--h--w-        c:\program files (x86)\SchnapperPro

2011-10-29 18:51 . 2011-10-29 18:51        --------        d--h--w-        c:\program files (x86)\BabylonToolbar

2011-10-29 18:51 . 2011-10-29 18:51        --------        d--h--w-        c:\users\administrator\AppData\Local\Babylon

2011-10-29 18:51 . 2011-10-29 18:51        --------        d--h--w-        c:\program files (x86)\FoxTabMusicConverter

2011-10-29 18:51 . 2011-10-29 18:51        --------        d--h--w-        c:\users\administrator\AppData\Roaming\Babylon

2011-10-29 18:51 . 2011-10-29 18:51        --------        d--h--w-        c:\programdata\Babylon

2011-10-28 17:19 . 2011-10-28 17:19        --------        d--h--w-        c:\users\administrator\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}

2011-10-27 19:31 . 2011-11-04 18:16        --------        d--h--w-        c:\users\administrator\AppData\Roaming\Audacity

2011-10-27 19:30 . 2011-10-27 19:30        --------        d--h--w-        c:\program files (x86)\Audacity 1.3 Beta (Unicode)

2011-10-27 19:15 . 2011-10-27 19:15        --------        d--h--w-        c:\users\administrator\AppData\Roaming\COWON

2011-10-27 19:13 . 2011-10-27 19:13        --------        d--h--w-        c:\program files (x86)\Common Files\COWON

2011-10-27 19:13 . 2011-10-27 19:17        --------        d--h--w-        c:\program files (x86)\JetAudio

2011-10-27 18:56 . 2011-10-27 18:56        --------        d--h--w-        c:\program files (x86)\VirtualDJ

2011-10-24 13:29 . 2011-10-24 13:29        94208        ---ha-w-        c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ---ha-w-        c:\windows\SysWow64\QuickTime.qts

2011-10-20 18:38 . 2011-10-20 19:08        --------        d--h--w-        c:\users\administrator\AppData\Roaming\Siemens

2011-10-20 18:37 . 2011-10-20 18:37        --------        d--h--w-        c:\program files (x86)\Common Files\Siemens AG

2011-10-20 18:37 . 2011-10-20 19:07        --------        d--h--w-        c:\program files (x86)\Siemens

2011-10-20 18:35 . 2008-10-27 12:59        92160        ----a-w-        c:\windows\system32\drivers\ser2pl64.sys

2011-10-20 18:28 . 2005-08-03 14:05        35892        ---ha-w-        c:\windows\SysWow64\SER9PL.sys

2011-10-20 18:28 . 2005-08-03 14:04        26719        ---ha-w-        c:\windows\SysWow64\SERSPL.VXD

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 06:28 . 2011-08-31 19:32        48648        ---ha-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-10-20 19:22 . 2011-06-03 14:52        414368        ---ha-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-11 16:01 . 2011-10-11 16:01        917840        ---h--w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2C4CF93-3331-4806-9F84-D84B48746468}\gapaengine.dll

2011-10-07 04:16 . 2011-06-07 21:35        8570192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-06 05:12 . 2011-08-31 19:32        771888        ---ha-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-09-10 07:15 . 2011-09-10 07:15        48648        ---ha-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-09-10 07:15 . 2011-09-10 07:15        845632        ---ha-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-09-01 05:24 . 2011-10-14 01:01        2309120        ----a-w-        c:\windows\system32\jscript9.dll

2011-09-01 05:17 . 2011-10-14 01:01        1389056        ----a-w-        c:\windows\system32\wininet.dll

2011-09-01 05:12 . 2011-10-14 01:01        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2011-09-01 02:35 . 2011-10-14 01:01        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll

2011-09-01 02:28 . 2011-10-14 01:01        1126912        ----a-w-        c:\windows\SysWow64\wininet.dll

2011-09-01 02:22 . 2011-10-14 01:01        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2011-08-30 22:05 . 2011-08-30 22:05        96104        ----a-w-        c:\windows\system32\dns-sd.exe

2011-08-30 22:05 . 2011-08-30 22:05        85864        ----a-w-        c:\windows\system32\dnssd.dll

2011-08-30 22:05 . 2011-08-30 22:05        61288        ----a-w-        c:\windows\system32\jdns_sd.dll

2011-08-30 22:05 . 2011-08-30 22:05        212840        ----a-w-        c:\windows\system32\dnssdX.dll

2011-08-30 22:05 . 2011-08-30 22:05        83816        ---ha-w-        c:\windows\SysWow64\dns-sd.exe

2011-08-30 22:05 . 2011-08-30 22:05        73064        ---ha-w-        c:\windows\SysWow64\dnssd.dll

2011-08-30 22:05 . 2011-08-30 22:05        50536        ---ha-w-        c:\windows\SysWow64\jdns_sd.dll

2011-08-30 22:05 . 2011-08-30 22:05        178536        ---ha-w-        c:\windows\SysWow64\dnssdX.dll

2011-08-27 05:37 . 2011-10-13 03:43        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-10-13 03:43        331776        ----a-w-        c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-13 03:43        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26 . 2011-10-13 03:43        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-09-05 1240992]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"SchnapperPro"="c:\program files (x86)\SchnapperPro\SchnapperPro.exe" [2011-10-11 806224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-18 941320]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]

R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]

S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-18 814344]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]

S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2010-03-30 335224]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]

S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2010-03-30 143224]

S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2010-03-30 189304]

S2 SchnapperPro-TimeSync;SchnapperPro-TimeSync;c:\program files (x86)\SchnapperPro\TimeSync.exe [2007-08-30 45664]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-09-21 366408]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-11-16 c:\windows\Tasks\SchnapperPro-Weckdienst [Administrator].job

- c:\program files (x86)\SchnapperPro\SchnapperPro.exe [2011-10-11 09:10]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"combofix"="c:\combofix\CF6671.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.at/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html

IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: Interfaces\{7B2F73B6-573C-4960-84BD-83601550168E}: NameServer = 192.168.1.10

FF - ProfilePath - c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ya02zq6u.default\

FF - prefs.js: browser.search.selectedEngine - Amazon.de

FF - prefs.js: browser.startup.homepage - www.google.at

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=22af5e55000000000000f46d04214138&tlver=1.4.35.10&affID=100474

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-artcut german version - C:\UNWISE.EXE

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c0,6e,

   4b,94,b0,19,0a,af,12,6a,12,b5,57,df,d3

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,96,

   5d,f6,83,4c,0e,82,a4,49,59,e1,ae,ec,87

"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,00,59,

   1d,13,c0,f3,05,89,71,81,02,97,d8,22,02

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,ca,

   02,9e,bb,ea,0d,b8,9a,bb,17,8f,6a,fd,d7

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,69,

   b4,52,bb,26,07,9f,7f,45,05,ed,52,59,04

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,45,95,

   b4,6f,7d,bd,01,92,77,b0,b7,86,5e,04,83

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e6,

   ae,12,5d,30,06,a7,2e,03,f3,03,ca,42,eb

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,82,

   ee,93,89,3a,0f,84,68,27,1d,8d,a2,e0,63

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:b6,2c,85,d2,13,26,cc,01

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,b5,85,8b,b0,cd,8a,41,9a,a1,38,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,4d,96,70,43,9c,be,41,be,34,27,\

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AVI"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\Photoshop.exe"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\dreamweaver.exe"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\jetAudio.exe"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\Photoshop.exe"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Outlook.File.pst.14"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-11-17  17:52:16 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-11-17 16:52

.

Vor Suchlauf: 1 Verzeichnis(se), 898.198.671.360 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 911.471.677.440 Bytes frei

.

- - End Of File - - CA9B2292ED66DE8AF22FF3EA86B9D729

--- --- ---

Danke,

LG

Jörg