Code:
# AdwCleaner v2.011 - Datei am 05/12/2012 um 17:08:19 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : *****
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Programme\Gemeinsame Dateien\AVG Secure Search
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Ordner Gelöscht : C:\Dokumente und Einstellungen\****\Anwendungsdaten\AVG Secure Search
Ordner Gelöscht : C:\Programme\AVG Secure Search
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [4682 octets] - [05/12/2012 16:23:52]
AdwCleaner[S1].txt - [4460 octets] - [05/12/2012 17:08:19]
########## EOF - C:\AdwCleaner[S1].txt - [4520 octets] ##########
OTL Logfile:
Code:
OTL logfile created on: 05.12.2012 17:24:58 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Ute\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767,49 Mb Total Physical Memory | 353,07 Mb Available Physical Memory | 46,00% Memory free
917,96 Mb Paging File | 484,93 Mb Available in Paging File | 52,83% Paging File free
Paging file location(s): C:\pagefile.sys 192 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 4,61 Gb Free Space | 23,59% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 45,46 Gb Free Space | 82,66% Space Free | Partition Type: NTFS
Drive F: | 807,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 465,64 Gb Total Space | 348,08 Gb Free Space | 74,75% Space Free | Partition Type: FAT32
Computer Name: ***** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
========== Services (SafeList) ==========
SRV - (vToolbarUpdater13.3.1) -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\13.3.1\ToolbarUpdater.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AVGIDSAgent) -- D:\Programme\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- D:\Programme\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz132) -- C:\DOKUME~1\****\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\..\SearchScopes\{9520A7E5-FA47-4FC7-BC53-504C72FBB1D9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2923f368-5cbf-4129-b667-649dd8d6e456&apn_sauid=F23DD3CF-361E-4F05-9890-A4ECF6A23C06
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\..\SearchScopes\{B1AF08D0-3F4C-4850-B010-E6A9687AA917}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url =
O1 HOSTS File: ([2012.12.04 18:57:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [AVG_UI] D:\Programme\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] "C:\Programme\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-839522115-1645522239-1606980848-1004\..Trusted Domains: google.de ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239275688921 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D6B014-212A-4934-A5BB-4A39837D0D8E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.09 11:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.02.09 14:59:36 | 000,000,000 | R--D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (D:\PROGRA~1\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.05 14:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG2013
[2012.12.05 14:39:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.12.05 14:39:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
[2012.12.05 14:37:44 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.12.05 14:19:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.12.05 14:19:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013
[2012.12.05 14:07:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\MFAData
[2012.12.05 14:07:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.12.05 14:07:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Avg2013
[2012.12.05 14:01:13 | 121,907,392 | ---- | C] (AVG Technologies) -- C:\Dokumente und Einstellungen\****\Desktop\avg_free_x86_all_2013_2793a5877.exe
[2012.12.05 09:42:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.04 19:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.12.04 14:36:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.12.04 14:33:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.12.04 14:33:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.12.04 14:33:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.12.04 14:33:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.12.04 14:33:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.04 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.12.04 14:31:58 | 005,009,299 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe
[2012.12.04 14:15:48 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\****\Desktop\tdsskiller.exe
[2012.12.03 11:19:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\****\Desktop\aswMBR.exe
[2012.12.01 13:47:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ute\Desktop\Viruslogs
[2012.11.30 13:10:22 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.11.29 13:21:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.11.29 12:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\Malwarebytes
[2012.11.29 12:52:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.29 12:52:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.29 12:52:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.29 12:52:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.11.23 15:05:49 | 000,000,000 | R--D | C] -- C:\Favoriten
[2012.11.21 13:13:35 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\LG PC Suite IV
[2012.11.21 13:13:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\LG Electronics
[2011.03.03 11:30:55 | 003,314,038 | ---- | C] (Avira GmbH) -- C:\Programme\aeheur.dll
[2011.03.03 11:30:55 | 001,282,426 | ---- | C] (Avira GmbH) -- C:\Programme\aescript.dll
[2011.03.03 11:30:55 | 000,635,252 | ---- | C] (Avira GmbH) -- C:\Programme\aerdl.dll
[2011.03.03 11:30:55 | 000,520,566 | ---- | C] (Avira GmbH) -- C:\Programme\aepack.dll
[2011.03.03 11:30:55 | 000,397,683 | ---- | C] (Avira GmbH) -- C:\Programme\aegen.dll
[2011.03.03 11:30:55 | 000,393,589 | ---- | C] (Avira GmbH) -- C:\Programme\aeemu.dll
[2011.03.03 11:30:55 | 000,368,680 | ---- | C] (Avira GmbH) -- C:\Programme\avpack32.dll
[2011.03.03 11:30:55 | 000,254,324 | ---- | C] (Avira GmbH) -- C:\Programme\aesbx.dll
[2011.03.03 11:30:55 | 000,246,134 | ---- | C] (Avira GmbH) -- C:\Programme\aehelp.dll
[2011.03.03 11:30:55 | 000,196,983 | ---- | C] (Avira GmbH) -- C:\Programme\aecore.dll
[2011.03.03 11:30:55 | 000,174,120 | ---- | C] (Avira GmbH) -- C:\Programme\avrep.dll
[2011.03.03 11:30:55 | 000,127,349 | ---- | C] (Avira GmbH) -- C:\Programme\aescn.dll
[2011.03.03 11:30:55 | 000,106,868 | ---- | C] (Avira GmbH) -- C:\Programme\aevdf.dll
[2011.03.03 11:30:55 | 000,077,569 | ---- | C] (ACE Compression Software) -- C:\Programme\unacev2.dll
[2011.03.03 11:30:55 | 000,053,618 | ---- | C] (Avira GmbH) -- C:\Programme\aebb.dll
[2010.08.03 13:55:02 | 001,616,984 | ---- | C] (GARMIN Corp.) -- C:\Programme\MapSource_Lang.dll
[2010.03.09 13:16:00 | 002,114,184 | ---- | C] (Facebook, Inc.) -- C:\Programme\Install_Facebook_Plug-In_1.0.3.exe
[2009.10.12 10:45:52 | 016,020,091 | ---- | C] (Arclab Software Technologies ) -- C:\Programme\MailList-Controller-Free.exe
[2009.05.05 09:57:44 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Programme\unicows.dll
[2009.05.05 09:57:44 | 000,189,808 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AutoPlay.exe
[2009.05.05 09:45:38 | 001,084,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\APEX9_Win_WEB_WWEFG.exe
[2009.04.27 11:12:51 | 000,555,882 | ---- | C] (Next Dimension Studios ) -- C:\Programme\Imagebatch Resizer Setup 1.3.exe
[2009.04.23 13:01:15 | 002,723,208 | ---- | C] (IN MEDIA KG ) -- C:\Programme\nldsetup-download-tipp.exe
[2009.04.23 12:59:58 | 000,989,176 | ---- | C] (Inprise Corporation) -- C:\Programme\BDEADMIN.EXE
[2009.04.23 12:58:02 | 007,809,864 | ---- | C] (IN MEDIA KG ) -- C:\Programme\mailout_setup-download-tipp.exe
[2009.04.23 12:43:50 | 016,020,022 | ---- | C] (Arclab Software Technologies ) -- C:\Programme\Newsletter.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.05 18:09:06 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.05 17:18:08 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.05 17:17:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.05 16:22:14 | 000,540,743 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\adwcleaner.exe
[2012.12.05 14:39:55 | 000,000,532 | ---- | M] () -- D:\Desktop\AVG 2013.lnk
[2012.12.05 14:37:16 | 000,003,544 | ---- | M] () -- C:\WINDOWS\System32\avg-secure-search.xml
[2012.12.05 14:36:27 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012.12.05 14:02:15 | 121,907,392 | ---- | M] (AVG Technologies) -- C:\Dokumente und Einstellungen\****\Desktop\avg_free_x86_all_2013_2793a5877.exe
[2012.12.05 09:10:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.04 19:01:10 | 000,462,750 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.12.04 19:01:10 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.04 19:01:10 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.04 19:01:09 | 000,085,772 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.12.04 18:57:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.04 14:36:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.12.04 14:31:58 | 005,009,299 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe
[2012.12.04 14:15:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\****\Desktop\tdsskiller.exe
[2012.12.04 13:25:59 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\MBR.dat
[2012.12.03 11:29:42 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\2i9bkfxn.exe
[2012.12.03 11:19:57 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\****\Desktop\aswMBR.exe
[2012.11.29 13:21:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.11.29 13:20:45 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2012.11.29 13:19:25 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\tocy4imq.exe
[2012.11.29 12:52:17 | 000,000,646 | ---- | M] () -- D:\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.23 14:04:45 | 000,001,246 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2012.11.23 14:04:45 | 000,000,011 | ---- | M] () -- C:\WINDOWS\album.ini
[2012.11.09 15:17:45 | 000,000,077 | ---- | M] () -- C:\Dokumente und Einstellungen\****\default.pls
[2012.11.09 15:17:40 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.05 16:22:13 | 000,540,743 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\adwcleaner.exe
[2012.12.05 14:39:55 | 000,000,532 | ---- | C] () -- D:\Desktop\AVG 2013.lnk
[2012.12.05 14:37:16 | 000,003,544 | ---- | C] () -- C:\WINDOWS\System32\avg-secure-search.xml
[2012.12.04 14:36:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.12.04 14:36:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.12.04 14:33:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.12.04 14:33:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.12.04 14:33:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.12.04 14:33:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.12.04 14:33:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.12.04 13:25:59 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\MBR.dat
[2012.12.03 11:29:41 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\Desktop\2i9bkfxn.exe
[2012.11.29 13:20:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2012.11.29 13:19:24 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\tocy4imq.exe
[2012.11.29 12:52:17 | 000,000,646 | ---- | C] () -- D:\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.31 14:55:24 | 000,040,683 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Disk2vhd.chm
[2012.10.27 10:17:57 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.07.26 17:17:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2012.07.26 11:47:03 | 010,405,766 | ---- | C] () -- C:\Programme\SetupAssistant_5.05.013.exe
[2012.02.24 13:53:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.18 11:18:05 | 000,002,486 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011.06.07 15:07:10 | 000,000,578 | ---- | C] () -- C:\WINDOWS\System32\Verknüpfung (2) mit spider.exe.lnk
[2011.06.01 15:03:20 | 000,000,578 | ---- | C] () -- C:\WINDOWS\System32\Verknüpfung mit spider.exe.lnk
[2011.03.22 14:56:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\UI.INI
[2011.03.11 14:05:03 | 000,014,507 | ---- | C] () -- C:\Programme\illustrator-befehleshortcuts_e-d.ods
[2011.03.09 17:57:02 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.03.09 14:41:14 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2011.03.05 16:00:11 | 000,000,842 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel
[2011.03.05 15:52:16 | 016,357,376 | ---- | C] () -- C:\Programme\gs871w32.exe
[2011.03.03 11:31:36 | 000,019,170 | ---- | C] () -- C:\Programme\vdf.info
[2011.03.03 11:31:02 | 000,159,232 | ---- | C] () -- C:\Programme\vbase018.vdf
[2011.03.03 11:31:02 | 000,157,184 | ---- | C] () -- C:\Programme\vbase013.vdf
[2011.03.03 11:31:02 | 000,148,992 | ---- | C] () -- C:\Programme\vbase019.vdf
[2011.03.03 11:31:02 | 000,140,288 | ---- | C] () -- C:\Programme\vbase016.vdf
[2011.03.03 11:31:02 | 000,128,000 | ---- | C] () -- C:\Programme\vbase015.vdf
[2011.03.03 11:31:02 | 000,124,416 | ---- | C] () -- C:\Programme\vbase017.vdf
[2011.03.03 11:31:02 | 000,120,320 | ---- | C] () -- C:\Programme\vbase014.vdf
[2011.03.03 11:31:02 | 000,023,552 | ---- | C] () -- C:\Programme\vbase031.vdf
[2011.03.03 11:31:02 | 000,002,785 | ---- | C] () -- C:\Programme\vdf.info.gz
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase030.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase029.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase028.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase027.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase026.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase025.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase024.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase023.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase022.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase021.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase020.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase012.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase011.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase010.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase009.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase008.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase007.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase006.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase005.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase004.vdf
[2011.03.03 11:31:02 | 000,002,048 | ---- | C] () -- C:\Programme\vbase003.vdf
[2011.03.03 11:31:01 | 001,950,720 | ---- | C] () -- C:\Programme\vbase002.vdf
[2011.03.03 11:30:56 | 013,342,208 | ---- | C] () -- C:\Programme\vbase001.vdf
[2011.03.03 11:30:55 | 019,875,328 | ---- | C] () -- C:\Programme\vbase000.vdf
[2011.03.03 11:30:55 | 000,057,440 | ---- | C] () -- C:\Programme\aelidb.dat
[2011.03.03 11:30:55 | 000,002,254 | ---- | C] () -- C:\Programme\aeset.dat
[2011.03.03 11:30:55 | 000,001,749 | ---- | C] () -- C:\Programme\ave2-win32-int.info.gz
[2011.03.03 11:30:55 | 000,001,224 | ---- | C] () -- C:\Programme\aevdf.dat
[2011.03.03 11:30:55 | 000,000,449 | ---- | C] () -- C:\Programme\specvir-win32-int.info.gz
[2011.03.03 11:30:55 | 000,000,000 | ---- | C] () -- C:\Programme\master.idx
[2011.03.03 11:29:30 | 039,865,317 | ---- | C] () -- C:\Programme\vdf_fusebundle.zip
[2011.02.17 17:29:53 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.02.17 17:29:53 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.02.17 17:29:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.02.17 17:29:53 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.02.17 13:38:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.01.12 17:17:12 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.01.12 17:17:11 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.08.01 18:48:27 | 000,000,514 | ---- | C] () -- C:\Programme\importieren.bin
[2009.08.17 14:36:50 | 000,038,431 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR
[2009.08.17 11:58:05 | 000,038,425 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft Excel.ADR
[2009.05.27 09:17:50 | 000,081,920 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.05 09:57:43 | 000,000,055 | ---- | C] () -- C:\Programme\Autorun.inf
[2009.05.05 09:57:41 | 000,017,015 | ---- | C] () -- C:\Programme\Liesmich.htm
[2009.05.05 09:57:41 | 000,015,557 | ---- | C] () -- C:\Programme\ReadMe.htm
[2009.05.05 09:45:38 | 884,256,055 | ---- | C] () -- C:\Programme\APEX9_Win_WEB_WWEFG.7z
[2009.04.23 12:59:58 | 000,880,364 | ---- | C] () -- C:\Programme\JAPAN.BTL
[2009.04.23 12:59:58 | 000,647,168 | ---- | C] () -- C:\Programme\IDDAO32.DLL
[2009.04.23 12:59:58 | 000,601,600 | ---- | C] () -- C:\Programme\IDDA3532.DLL
[2009.04.23 12:59:58 | 000,589,312 | ---- | C] () -- C:\Programme\IDAPI32.DLL
[2009.04.23 12:59:58 | 000,517,810 | ---- | C] () -- C:\Programme\FAREAST.BTL
[2009.04.23 12:59:58 | 000,464,896 | ---- | C] () -- C:\Programme\IDSQL32.DLL
[2009.04.23 12:59:58 | 000,454,144 | ---- | C] () -- C:\Programme\IDDBAS32.DLL
[2009.04.23 12:59:58 | 000,436,224 | ---- | C] () -- C:\Programme\IDODBC32.DLL
[2009.04.23 12:59:58 | 000,422,400 | ---- | C] () -- C:\Programme\IDQBE32.DLL
[2009.04.23 12:59:58 | 000,255,488 | ---- | C] () -- C:\Programme\IDPDX32.DLL
[2009.04.23 12:59:58 | 000,250,896 | ---- | C] () -- C:\Programme\EUROPE.BTL
[2009.04.23 12:59:58 | 000,167,936 | ---- | C] () -- C:\Programme\IDDR32.DLL
[2009.04.23 12:59:58 | 000,144,454 | ---- | C] () -- C:\Programme\CHARSET.CVB
[2009.04.23 12:59:58 | 000,139,264 | ---- | C] () -- C:\Programme\IDBAT32.DLL
[2009.04.23 12:59:58 | 000,122,170 | ---- | C] () -- C:\Programme\CEEUROPE.BTL
[2009.04.23 12:59:58 | 000,116,736 | ---- | C] () -- C:\Programme\IDR20009.DLL
[2009.04.23 12:59:58 | 000,116,224 | ---- | C] () -- C:\Programme\IDASCI32.DLL
[2009.04.23 12:59:58 | 000,101,376 | ---- | C] () -- C:\Programme\bantam.dll
[2009.04.23 12:59:58 | 000,059,950 | ---- | C] () -- C:\Programme\OTHER.BTL
[2009.04.23 12:59:58 | 000,045,568 | ---- | C] () -- C:\Programme\BLW32.DLL
[2009.04.23 12:59:58 | 000,036,458 | ---- | C] () -- C:\Programme\USA.BTL
[2009.04.23 12:59:58 | 000,002,486 | ---- | C] () -- C:\Programme\BDEADMIN.TOC
[2009.04.23 12:59:58 | 000,000,081 | ---- | C] () -- C:\Programme\IDAPI32.CFG
[2009.04.20 10:54:38 | 000,000,077 | ---- | C] () -- C:\Dokumente und Einstellungen\****\default.pls
[2009.04.10 13:00:58 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Ute\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2010.12.09 16:15:07 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{d0210576-0d7e-6cb3-b8eb-4e0c90da3335}\@
[2010.12.09 16:15:07 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{d0210576-0d7e-6cb3-b8eb-4e0c90da3335}\L
[2012.10.03 12:13:07 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{d0210576-0d7e-6cb3-b8eb-4e0c90da3335}\U
[2012.07.27 11:12:14 | 000,002,048 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\{d0210576-0d7e-6cb3-b8eb-4e0c90da3335}\@
[2010.12.09 16:15:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\{d0210576-0d7e-6cb3-b8eb-4e0c90da3335}\L
[2012.10.03 12:47:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\{d0210576-0d7e-6cb3-b8eb-4e0c90da3335}\U
[2009.04.10 12:57:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report > --- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 05.12.2012 17:26:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767,49 Mb Total Physical Memory | 353,07 Mb Available Physical Memory | 46,00% Memory free
917,96 Mb Paging File | 484,93 Mb Available in Paging File | 52,83% Paging File free
Paging file location(s): C:\pagefile.sys 192 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 4,61 Gb Free Space | 23,59% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 45,46 Gb Free Space | 82,66% Space Free | Partition Type: NTFS
Drive F: | 807,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 465,64 Gb Total Space | 348,08 Gb Free Space | 74,75% Space Free | Partition Type: FAT32
Computer Name: **** | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "G:\Garmin\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\avgnsx.exe" = D:\Programme\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"D:\Programme\avgdiagex.exe" = D:\Programme\avgdiagex.exe:*:Enabled:AVG-Diagnose 2013 -- (AVG Technologies CZ, s.r.o.)
"D:\Programme\avgmfapx.exe" = D:\Programme\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"D:\Programme\avgemcx.exe" = D:\Programme\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series" = Canon iP4900 series Printer Driver
"{1593510C-943F-444A-AD11-DD9B2ED2CEFD}" = Lexware QuickBooks PLUS 2007
"{17A78BEE-7302-4EB3-9F49-F7E0D8340171}" = Lexware online banking 4.20
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A14DB5B-8D96-400C-BD97-A5656779099D}" = ArcSoft PhotoStudio 5.5
"{40D5BDFB-D6E9-459E-92A8-118DA5AFBF86}" = Lexware online banking 4.20
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{50BC0FF8-F19C-42C3-AB28-55280DA21031}" = Nero 8 Essentials
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C60A3AC-1E87-45DD-A218-D92735F87E34}" = Lexware QuickBooks PLUS 2007
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF8CBD2-0529-40E9-8DE0-5DAFF8C5E6D6}" = funScreenScraping Client Version
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{8580AAB8-93E3-469E-8534-3C9000FFBBF9}" = Lexware QuickBooks PLUS 2007
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F5CC15D-BA72-431B-A676-0FE5F2513178}" = AVG 2013
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C622BDFA-0D1A-458F-984A-7ABD395BD7B1}" = IMG2MS
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D00A9F0B-F761-4EAF-90F1-E02CDF16651B}" = Géorando Corse
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9501E1A-10E0-4FD0-8078-3DCB761D8644}" = Lexware lohnauskunft Grosskunden 2007
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE3263CF-F6F7-4913-AE57-B87707F3C78D}" = QuickBooks PLUS 2007
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F358E676-72D0-40C3-BED7-113DCFAE4F32}" = Lexware QuickBooks PLUS 2007
"{F8EF9F7F-5C73-4908-92F8-4A7F92968520}" = Lexware QuickBooks PLUS 2007
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"ALZip_is1" = ALZip
"AVG" = AVG 2013
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Canon iP4900 series Benutzerregistrierung" = Canon iP4900 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"C-Media Audio Driver" = C-Media WDM Audio Driver
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Corel Applications" = Corel(R) Applications
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"ezMS_is1" = ezMS v1.03
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FileZilla Client" = FileZilla Client 3.3.5.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Imagebatch Resizer_is1" = Imagebatch Resizer 1.3
"lavfilters_is1" = LAV Filters 0.51.3
"MailOut_is1" = MailOut
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NewsletterDesigner_is1" = NewsletterDesigner
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PatternDesigner 1.0" = PatternDesigner 1.0
"PDF Reader 3" = PDF Reader 3
"psynetic®-ImageConverter" = psynetic®-ImageConverter 3.1
"ST6UNST #1" = Mapdekode
"Trojan Remover_is1" = Trojan Remover 6.8.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomPlayer" = Zoom Player (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-839522115-1645522239-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.12.2012 05:19:36 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avnotify.exe, Version 12.3.0.34, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01.12.2012 06:20:47 | Computer Name = ******| Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.62.0.140, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.12.2012 06:23:49 | Computer Name = ****** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung aswmbr.exe, Version 0.9.9.1707, fehlgeschlagenes
Modul aswmbr.exe, Version 0.9.9.1707, Fehleradresse 0x00005b76.
Error - 05.12.2012 10:42:49 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.12.2012 10:45:23 | Computer Name = ***** | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
Error - 05.12.2012 10:47:17 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.12.2012 11:02:57 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Trjscan.exe, Version 6.8.4.1317, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.12.2012 12:22:40 | Computer Name =***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung notepad.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.12.2012 12:22:42 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung notepad.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 05.12.2012 10:58:31 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 05.12.2012 10:58:31 | Computer Name = *** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 05.12.2012 10:58:48 | Computer Name = ****** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Automatic Updates" wurde nicht ordnungsgemäß gestartet.
Error - 05.12.2012 11:08:08 | Computer Name = ****** | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst avgwd.
Error - 05.12.2012 11:23:31 | Computer Name = **** | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst avgwd.
Error - 05.12.2012 12:18:05 | Computer Name = ***** | Source = ParVdm | ID = 458754
Description = Zeiger für Geräteobjekt lässt sich nicht für Anschlussobjekt ermitteln.
Error - 05.12.2012 12:19:39 | Computer Name = ****** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 05.12.2012 12:19:39 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "vToolbarUpdater13.3.1" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 05.12.2012 12:19:40 | Computer Name = ***** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 05.12.2012 12:24:22 | Computer Name = ***** | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst avgwd.
< End of report > --- --- ---