Trojaner-Board - GVU sehr hartnäckig

Sooo, beim Fixen hat er mir angezeigt: "Fehler beim erstellen der LOG" und anschliessend hat er mir einen leeren Editor gezeigt. dadurch habe ich diese Log datei leider nicht.
aber aus dem Scan die beiden Logs habe ich hier:

Code:

OTL logfile created on: 03.06.2013 17:23:18 - Run 5

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\wahl2\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,94% Memory free

3,85 Gb Paging File | 3,09 Gb Available in Paging File | 80,40% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 200,09 Gb Total Space | 176,42 Gb Free Space | 88,17% Space Free | Partition Type: NTFS

Drive E: | 265,67 Gb Total Space | 265,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Drive G: | 380,35 Gb Total Space | 109,06 Gb Free Space | 28,67% Space Free | Partition Type: NTFS

Drive V: | 380,35 Gb Total Space | 109,06 Gb Free Space | 28,67% Space Free | Partition Type: NTFS

 

Computer Name: HR_WAHL_2009 | User Name: wahl2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.05.30 15:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\wahl2\Desktop\OTL.exe

PRC - [2010.08.04 10:51:34 | 003,889,064 | ---- | M] (CANON INC.) -- C:\Programme\Canon\DIAS\CnxDIAS.exe

PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.12.20 02:50:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe

PRC - [2006.12.20 02:50:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2006.12.20 02:50:00 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2006.12.20 02:50:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe

PRC - [2006.11.30 09:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe

PRC - [2006.11.30 09:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2008.10.07 13:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

MOD - [2008.05.02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll

MOD - [2006.12.20 02:50:00 | 000,120,384 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naXML71.dll

MOD - [2006.12.20 02:50:00 | 000,071,232 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naisign.dll

MOD - [2006.11.30 09:50:00 | 000,149,080 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\VsEvntUI.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.05.15 15:45:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.08.04 10:51:34 | 003,889,064 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Programme\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)

SRV - [2010.07.08 16:13:38 | 001,841,664 | ---- | M] (KS System GmbH) [Disabled | Stopped] -- C:\Programme\Terminal Download II\GhostDownload2ServV100.exe -- (GhostDownload2Service)

SRV - [2009.05.29 12:33:55 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\jre\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2008.06.24 17:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2006.12.20 02:50:00 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.11.30 09:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)

SRV - [2006.11.30 09:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rvxtjwraw.sys -- (qxjdwyf)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2009.06.05 09:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008.10.13 18:26:10 | 004,879,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2008.04.14 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2006.11.30 09:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2006.11.30 09:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2006.11.30 09:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2006.11.30 09:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2006.11.30 09:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2006.11.30 09:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.1:80

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.1:80

 

 

 

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..\SearchScopes,DefaultScope = {10F64DF7-0E9E-4B9E-A066-6ED38527281D}

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..\SearchScopes\{10F64DF7-0E9E-4B9E-A066-6ED38527281D}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.1:80

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\jre\lib\deploy\jqs\ff [2009.05.29 12:33:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2013.06.03 13:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Mozilla\Extensions

[2013.05.30 10:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions

[2013.05.30 10:09:30 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2013.05.31 14:00:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\jre\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\jre\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] \\SERVER2011\RedirectedFolders\Wahl2\My Documents\139d2e78.exe File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Backnet Office Pro Synchronisierung.lnk = C:\Bop\bopklient\forms\SyncApp.exe (Backnet E&S)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..Trusted Domains: dyndns.org ([wahl-back] HTTPS in Local intranet)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369898901955 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.1 192.168.60.254 4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wahl.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB7C888-1C72-4819-AE57-638213E6DFF5}: DhcpNameServer = 192.168.60.1 192.168.60.254 4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F214278F-2202-4950-A9D0-2041A111EDF4}: DhcpNameServer = 192.168.60.1 192.168.60.254 4.2.2.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136 Winlogon: Shell - (cmd.exe) -  File not found

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\wahl2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.12.16 14:38:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.03 17:20:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Search

[2013.06.03 17:12:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\wahl2\Desktop\OTL.exe

[2013.06.03 14:50:32 | 000,000,000 | ---D | C] -- C:\Downloads

[2013.06.03 13:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Mozilla

[2013.06.03 12:48:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Desktop Search

[2013.06.01 09:15:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Small Business Server

[2013.05.31 15:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013.05.31 15:05:14 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.05.31 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013.05.31 13:13:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013.05.31 13:13:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013.05.31 13:13:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013.05.31 13:13:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013.05.31 12:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.05.30 10:09:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service

[2013.05.30 10:09:28 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2013.05.30 09:59:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HitmanPro

[2013.05.30 09:59:44 | 000,000,000 | ---D | C] -- C:\Programme\HitmanPro

[2013.05.30 09:59:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro

[2013.05.30 09:37:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe

[2013.05.30 09:29:12 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2013.05.24 09:42:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp

[2013.05.24 09:42:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hps

[2013.05.24 09:42:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Pixum Fotobuch

[2013.05.24 09:38:53 | 000,000,000 | ---D | C] -- C:\Programme\Pixum

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.03 17:18:45 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2013.06.03 17:16:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.06.03 17:16:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys

[2013.06.03 17:14:13 | 000,000,846 | RHS- | M] () -- C:\Dokumente und Einstellungen\wahl2\ntuser.pol

[2013.06.03 16:45:22 | 000,890,839 | ---- | M] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\SecurityCheck.exe

[2013.06.03 16:45:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.06.03 12:21:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.06.01 09:15:20 | 000,000,212 | ---- | M] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\Interne Website.lnk

[2013.05.31 14:01:12 | 000,487,922 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.05.31 14:01:12 | 000,444,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.05.31 14:01:12 | 000,095,776 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.05.31 14:01:12 | 000,072,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.05.31 14:00:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.05.31 13:50:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013.05.30 15:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\wahl2\Desktop\OTL.exe

[2013.05.30 10:09:33 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2013.05.30 10:07:19 | 000,001,503 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk

[2013.05.30 09:52:30 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.05.30 09:43:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.05.30 09:12:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2013.05.27 13:11:28 | 000,000,432 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2013.05.24 09:42:14 | 000,000,785 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Fotoschau.lnk

[2013.05.24 09:42:13 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pixum Fotobuch.lnk

[2013.05.15 15:45:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013.05.15 15:45:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

 
 ========== Files Created - No Company Name ==========

 

[2013.06.03 16:43:06 | 000,890,839 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\SecurityCheck.exe

[2013.06.03 12:40:56 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys

[2013.05.31 13:50:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013.05.31 13:50:23 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2013.05.31 13:13:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013.05.31 13:13:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013.05.31 13:13:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013.05.31 13:13:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013.05.31 13:13:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013.05.30 10:09:33 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk

[2013.05.30 10:09:33 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2013.05.30 10:07:19 | 000,001,503 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk

[2013.05.30 09:43:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2013.05.24 09:42:14 | 000,000,785 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Fotoschau.lnk

[2013.05.24 09:42:13 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pixum Fotobuch.lnk

[2012.02.14 23:17:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.01.13 22:49:13 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011.11.08 11:07:34 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011.08.01 11:47:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe

[2011.08.01 11:47:04 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI

[2011.08.01 10:57:44 | 000,000,787 | ---- | C] () -- C:\WINDOWS\UninstBOP.ini

[2011.07.26 11:07:59 | 000,000,846 | RHS- | C] () -- C:\Dokumente und Einstellungen\wahl2\ntuser.pol

[2010.07.26 13:16:16 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.05.29 12:41:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\KeyTools.lck

[2009.05.29 12:41:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\KeyToolHidCom_6006347.lck

[2009.05.29 12:37:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\AutoStarter.lck

[2009.05.29 12:34:11 | 000,035,941 | ---- | C] () -- C:\Programme\buildlog.xml

[2009.01.19 14:34:20 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2009.01.19 12:18:22 | 000,013,908 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

 
 ========== ZeroAccess Check ==========

 

[2008.12.16 14:47:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 03:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

Code:

OTL Extras logfile created on: 03.06.2013 17:23:18 - Run 5

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\wahl2\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,94% Memory free

3,85 Gb Paging File | 3,09 Gb Available in Paging File | 80,40% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 200,09 Gb Total Space | 176,42 Gb Free Space | 88,17% Space Free | Partition Type: NTFS

Drive E: | 265,67 Gb Total Space | 265,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Drive G: | 380,35 Gb Total Space | 109,06 Gb Free Space | 28,67% Space Free | Partition Type: NTFS

Drive V: | 380,35 Gb Total Space | 109,06 Gb Free Space | 28,67% Space Free | Partition Type: NTFS

 

Computer Name: HR_WAHL_2009 | User Name: wahl2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Fotoschau] -- "C:\Programme\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()

Directory [Pixum Fotobuch] -- "C:\Programme\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"Enabled" = 1

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance -- (Microsoft Corporation)

"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance -- (Microsoft Corporation)

"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 1

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" = LocalSubnet

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]

"Enabled" = 1

"RemoteAddresses" = *

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent

"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack

"{891D0B03-05DF-4CD1-B267-268FDA1C1031}" = Nero 8 Essentials

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Backnet Office Pro" = Backnet Office Pro

"CamControl LITE_is1" = CamControl LITE V 4.09

"CCleaner" = CCleaner

"HitmanPro37" = HitmanPro 3.7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA Drivers" = NVIDIA Drivers

"Pixum Fotobuch" = Pixum Fotobuch

"PROHYBRIDR" = 2007 Microsoft Office system

"Unlocker" = Unlocker 1.8.7

"VDO Downloadterminal II" = VDO Downloadterminal II V1.0.0.10

"VLC media player" = VLC media player 0.9.8a

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 03.06.2013 08:47:36 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 08:55:20 | Computer Name = HR_WAHL_2009 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.06.2013 08:55:50 | Computer Name = HR_WAHL_2009 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.06.2013 10:43:52 | Computer Name = HR_WAHL_2009 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.06.2013 11:09:46 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 11:09:46 | Computer Name = HR_WAHL_2009 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

 

Error - 03.06.2013 11:11:05 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

 

Error - 03.06.2013 11:18:45 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

[ Application Events ]

Error - 03.06.2013 08:47:36 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 08:55:20 | Computer Name = HR_WAHL_2009 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.06.2013 08:55:50 | Computer Name = HR_WAHL_2009 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.06.2013 10:43:52 | Computer Name = HR_WAHL_2009 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.06.2013 11:09:46 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 11:09:46 | Computer Name = HR_WAHL_2009 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

 

Error - 03.06.2013 11:11:05 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = VSS | ID = 8193

Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"

 ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

 

Error - 03.06.2013 11:18:45 | Computer Name = HR_WAHL_2009 | Source = EventSystem | ID = 4609

Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 

der internen Verarbeitung erkannt. HRESULT war 80070424 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

 Wenden Sie sich an den Microsoft-Produktsuppor

 

[ System Events ]

Error - 03.06.2013 11:15:25 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7034

Description = Dienst "McAfee Framework Service" wurde unerwartet beendet. Dies ist

 bereits 1 Mal passiert.

 

Error - 03.06.2013 11:15:25 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7034

Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 03.06.2013 11:15:25 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7034

Description = Dienst "McAfee Task Manager" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 03.06.2013 11:15:25 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7034

Description = Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 03.06.2013 11:16:07 | Computer Name = HR_WAHL_2009 | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "ntuser.ini" auf Volume "HarddiskVolume1"

 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000022" aufgetreten.

 Die Volumeüberwachung wurde angehalten.

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = W32Time | ID = 39452676

Description = Der Zeitanbieter "NtpClient" wurde aufgrund des folgenden Fehlers 

nicht gestartet: Das System kann die angegebene Datei nicht finden. (0x80070002)

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = W32Time | ID = 39452693

Description = Der Zeitdienst wurde für die Verwendung eines oder mehrerer Eingabeanbieter

konfiguriert.

 Es konnte jedoch keiner der Anbieter gestartet werden.  Der Zeitdienst verfügt über

 keine Quelle mit genauer Zeit.

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7023

Description = Der Dienst "WebClient" wurde mit folgendem Fehler beendet:   %%2

 

Error - 03.06.2013 11:16:34 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "helpsvc" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 03.06.2013 11:16:53 | Computer Name = HR_WAHL_2009 | Source = Service Control Manager | ID = 7023

Description = Der Dienst "SharedAccess" wurde mit folgendem Fehler beendet:   %%1060

 

 

< End of report >

Hallo Leo, gestern hatte ich leider keine Zeit zum antworten, dafür heute. Die Updates Java und Acrobat habe ich durchgeführt, genauso wie den Fix und den Scan.
Hier die Logs:

vom Fix:

Code:

All processes killed

========== OTL ==========

Service qxjdwyf stopped successfully!

Service qxjdwyf deleted successfully!

File C:\WINDOWS\system32\drivers\rvxtjwraw.sys not found.

Registry value HKEY_USERS\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: administrator.WAHL

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Nutzer

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: TEMP.WAHL.004

->Temporary Internet Files folder emptied: 0 bytes

 

User: wahl2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 8348391 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 15755970 bytes

->Flash cache emptied: 492 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 118992919 bytes

RecycleBin emptied: 1590 bytes

 

Total Files Cleaned = 137,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 06042013_102955
 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

vom Scan:

Code:

OTL logfile created on: 05.06.2013 10:36:19 - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\wahl2\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 38,73% Memory free

3,85 Gb Paging File | 2,79 Gb Available in Paging File | 72,41% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 200,09 Gb Total Space | 175,43 Gb Free Space | 87,67% Space Free | Partition Type: NTFS

Drive D: | 353,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 265,67 Gb Total Space | 265,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Drive F: | 380,35 Gb Total Space | 104,96 Gb Free Space | 27,59% Space Free | Partition Type: NTFS

Drive G: | 380,35 Gb Total Space | 104,96 Gb Free Space | 27,59% Space Free | Partition Type: NTFS

Drive R: | 380,35 Gb Total Space | 104,96 Gb Free Space | 27,59% Space Free | Partition Type: NTFS

Drive V: | 380,35 Gb Total Space | 104,96 Gb Free Space | 27,59% Space Free | Partition Type: NTFS

 

Computer Name: HR_WAHL_2009 | User Name: wahl2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.04 10:47:40 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2013.05.30 15:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\wahl2\Desktop\OTL.exe

PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2010.08.04 10:51:34 | 003,889,064 | ---- | M] (CANON INC.) -- C:\Programme\Canon\DIAS\CnxDIAS.exe

PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.12.20 02:50:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2006.12.20 02:50:00 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2006.11.30 09:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe

PRC - [2006.11.30 09:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2008.10.07 13:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

MOD - [2008.05.02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll

MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2006.12.20 02:50:00 | 000,120,384 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naXML71.dll

MOD - [2006.12.20 02:50:00 | 000,071,232 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naisign.dll

MOD - [2006.11.30 09:50:00 | 000,149,080 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\VsEvntUI.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.06.04 10:47:40 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013.05.15 15:45:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.08.04 10:51:34 | 003,889,064 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Programme\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)

SRV - [2010.07.08 16:13:38 | 001,841,664 | ---- | M] (KS System GmbH) [Disabled | Stopped] -- C:\Programme\Terminal Download II\GhostDownload2ServV100.exe -- (GhostDownload2Service)

SRV - [2008.06.24 17:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2006.12.20 02:50:00 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006.11.30 09:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)

SRV - [2006.11.30 09:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013.02.12 02:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2009.06.05 09:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008.10.13 18:26:10 | 004,879,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2006.11.30 09:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2006.11.30 09:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2006.11.30 09:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2006.11.30 09:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2006.11.30 09:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2006.11.30 09:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.1:80

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.1:80

 

 

 

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..\SearchScopes,DefaultScope = {10F64DF7-0E9E-4B9E-A066-6ED38527281D}

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..\SearchScopes\{10F64DF7-0E9E-4B9E-A066-6ED38527281D}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2013.06.03 13:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Mozilla\Extensions

[2013.06.04 10:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.05.30 10:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions

[2013.05.30 10:09:30 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2013.05.31 14:00:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Backnet Office Pro Synchronisierung.lnk = C:\Bop\bopklient\forms\SyncApp.exe (Backnet E&S)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-1250491402-4247718661-2145709833-1136\..Trusted Domains: dyndns.org ([wahl-back] HTTPS in Local intranet)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369898901955 (WUWebControl Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.1 192.168.60.254 4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wahl.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB7C888-1C72-4819-AE57-638213E6DFF5}: DhcpNameServer = 192.168.60.1 192.168.60.254 4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F214278F-2202-4950-A9D0-2041A111EDF4}: DhcpNameServer = 192.168.60.1 192.168.60.254 4.2.2.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\wahl2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.12.16 14:38:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.05 10:31:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013.06.04 17:08:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

[2013.06.04 17:08:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

[2013.06.04 16:55:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP

[2013.06.04 16:55:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013.06.04 16:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2013.06.04 15:35:32 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2013.06.04 15:35:32 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2013.06.04 15:35:31 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2013.06.04 15:34:26 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2013.06.04 10:57:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\ElevatedDiagnostics

[2013.06.04 10:57:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0

[2013.06.04 10:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2013.06.04 10:49:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe

[2013.06.04 10:49:42 | 000,000,000 | ---D | C] -- C:\Programme\Adobe

[2013.06.04 10:48:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun

[2013.06.04 10:48:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2013.06.04 10:47:33 | 000,000,000 | ---D | C] -- C:\Programme\Java

[2013.06.04 10:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Desktop\Alte Firefox-Daten

[2013.06.04 10:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2013.06.03 17:20:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Search

[2013.06.03 17:12:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\wahl2\Desktop\OTL.exe

[2013.06.03 14:50:32 | 000,000,000 | ---D | C] -- C:\Downloads

[2013.06.03 13:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Mozilla

[2013.06.03 12:48:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Desktop Search

[2013.06.01 09:15:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Small Business Server

[2013.05.31 15:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013.05.31 15:05:14 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.05.31 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013.05.31 13:13:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013.05.31 13:13:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013.05.31 13:13:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013.05.31 13:13:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013.05.31 12:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.05.30 10:09:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service

[2013.05.30 10:09:28 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2013.05.30 09:59:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HitmanPro

[2013.05.30 09:59:44 | 000,000,000 | ---D | C] -- C:\Programme\HitmanPro

[2013.05.30 09:59:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro

[2013.05.24 09:42:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp

[2013.05.24 09:42:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hps

[2013.05.24 09:42:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Pixum Fotobuch

[2013.05.24 09:38:53 | 000,000,000 | ---D | C] -- C:\Programme\Pixum

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.05 10:45:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.06.05 10:45:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.06.05 10:35:11 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.06.05 10:35:11 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

[2013.06.05 10:33:59 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2013.06.05 10:20:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.06.05 10:20:23 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys

[2013.06.05 10:20:23 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.06.04 17:15:43 | 000,489,970 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.06.04 17:15:43 | 000,446,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.06.04 17:15:43 | 000,096,876 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.06.04 17:15:43 | 000,073,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.06.04 16:41:49 | 000,000,846 | RHS- | M] () -- C:\Dokumente und Einstellungen\wahl2\ntuser.pol

[2013.06.04 15:36:25 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2013.06.04 15:33:30 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2013.06.04 15:33:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2013.06.04 15:33:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2013.06.04 15:33:21 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2013.06.04 15:31:32 | 000,023,588 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2013.06.04 15:30:25 | 000,000,282 | -HS- | M] () -- C:\boot.ini

[2013.06.04 15:17:20 | 000,294,243 | ---- | M] () -- C:\WINDOWS\setupapi.old

[2013.06.04 14:46:18 | 000,013,908 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2013.06.04 11:09:14 | 000,002,881 | ---- | M] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\sharedaccess.reg

[2013.06.04 10:50:14 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk

[2013.06.03 16:45:22 | 000,890,839 | ---- | M] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\SecurityCheck.exe

[2013.06.01 09:15:20 | 000,000,212 | ---- | M] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\Interne Website.lnk

[2013.05.31 14:00:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.05.30 15:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\wahl2\Desktop\OTL.exe

[2013.05.30 10:09:33 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2013.05.30 10:07:19 | 000,001,503 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk

[2013.05.30 09:12:55 | 000,000,211 | -HS- | M] () -- C:\Boot.bak

[2013.05.27 13:11:28 | 000,000,432 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2013.05.24 09:42:14 | 000,000,785 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Fotoschau.lnk

[2013.05.24 09:42:13 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pixum Fotobuch.lnk

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.04 16:25:59 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys

[2013.06.04 15:35:25 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2013.06.04 15:35:05 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2013.06.04 15:34:56 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2013.06.04 15:34:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2013.06.04 15:34:54 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2013.06.04 15:34:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2013.06.04 15:34:44 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2013.06.04 15:34:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2013.06.04 15:34:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2013.06.04 15:17:43 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat

[2013.06.04 15:17:43 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat

[2013.06.04 15:17:42 | 002,039,179 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2013.06.04 15:17:42 | 001,246,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT

[2013.06.04 15:17:42 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2013.06.04 15:17:42 | 000,631,338 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2013.06.04 15:17:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2013.06.04 15:17:42 | 000,105,926 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat

[2013.06.04 15:17:42 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2013.06.04 15:17:42 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat

[2013.06.04 15:17:42 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2013.06.04 15:17:42 | 000,021,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat

[2013.06.04 15:17:42 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2013.06.04 15:17:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2013.06.04 15:17:42 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2013.06.04 15:17:42 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2013.06.04 15:17:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2013.06.04 15:17:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2013.06.04 11:09:14 | 000,002,881 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\sharedaccess.reg

[2013.06.04 10:50:14 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk

[2013.06.03 16:43:06 | 000,890,839 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Desktop\SecurityCheck.exe

[2013.05.31 13:50:26 | 000,000,211 | -HS- | C] () -- C:\Boot.bak

[2013.05.31 13:50:23 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2013.05.31 13:13:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013.05.31 13:13:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013.05.31 13:13:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013.05.31 13:13:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013.05.31 13:13:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013.05.30 10:09:33 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk

[2013.05.30 10:09:33 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2013.05.30 10:07:19 | 000,001,503 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Browserwahl.lnk

[2013.05.30 09:43:17 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2013.05.30 09:28:48 | 000,294,243 | ---- | C] () -- C:\WINDOWS\setupapi.old

[2013.05.24 09:42:14 | 000,000,785 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Fotoschau.lnk

[2013.05.24 09:42:13 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pixum Fotobuch.lnk

[2012.02.14 23:17:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.01.13 22:49:13 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011.11.08 11:07:34 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011.08.01 11:47:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe

[2011.08.01 11:47:04 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI

[2011.08.01 10:57:44 | 000,000,787 | ---- | C] () -- C:\WINDOWS\UninstBOP.ini

[2011.07.26 11:07:59 | 000,000,846 | RHS- | C] () -- C:\Dokumente und Einstellungen\wahl2\ntuser.pol

[2010.07.26 13:16:16 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.05.29 12:41:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\KeyTools.lck

[2009.05.29 12:41:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\KeyToolHidCom_6006347.lck

[2009.05.29 12:37:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\AutoStarter.lck

[2009.05.29 12:34:11 | 000,035,941 | ---- | C] () -- C:\Programme\buildlog.xml

[2009.01.19 14:34:20 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\wahl2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2009.01.19 12:18:22 | 000,013,908 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

 
 ========== ZeroAccess Check ==========

 

[2008.12.16 14:47:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2011.06.21 20:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2013.05.30 11:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\QuickScan

[2008.12.16 14:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Windows Desktop Search

[2013.05.30 09:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Windows Small Business Server

[2008.12.16 14:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search

[2011.12.28 10:44:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search

[2009.07.22 12:58:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.WAHL\Anwendungsdaten\Continental Trading GmbH

[2008.12.16 14:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.WAHL\Anwendungsdaten\Windows Desktop Search

[2011.09.05 13:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\administrator.WAHL\Anwendungsdaten\Windows Small Business Server

[2011.05.05 11:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canon

[2013.05.30 10:04:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro

[2010.12.15 12:11:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terminal Download II

[2013.06.04 12:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp

[2008.12.16 14:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search

[2008.12.16 14:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nutzer\Anwendungsdaten\Windows Desktop Search

[2013.06.04 10:57:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\ElevatedDiagnostics

[2013.06.03 12:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Desktop Search

[2013.06.03 17:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Search

[2013.06.01 09:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\wahl2\Anwendungsdaten\Windows Small Business Server

 
 ========== Purity Check ==========

 

 
 

< End of report >