TR/ATRAPS.gen2 infection (reported by Avira)

#0
12.07.2012, 11:37
Member

Posts: 36
#1 Hello, since yesterday Avira has been reporting an infection with the above malware, which also cannot be removed.
Malware shows eight infections.
The log file from Malware is attached.

Can someone help me, please? It would be important to save the computer ...

12.07.2012, 11:53
Member

Thread starter

Posts: 36
#2 OK, I have had Malware remove the infection.
Afterwards I recorded a HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:20, on 12.07.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\SUPERAntiSpyware\SASCORE.EXE
C:\Programme\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamservice.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
D:\Programme\Zephyr\mysql\bin\mysqld.exe
d:\Programme\Zephyr\apache-tomcat-5.5.28\bin\tomcat5.exe
C:\Programme\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Acer\OrbiCam\CameraAssistant.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\VMware\VMware Player\hqtray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamgui.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-MalwareNeu\mbam.exe
C:\Programme\HiJackThis\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Phoenix Backup] C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Corpar] rundll32.exe "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adobe\Update\vidret.dat""
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [{C5ECC9EC-AF98-05A5-37D3-089114B1C27B}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Awluxio\uqraam.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [{CC078BEB-EAC8-2F72-2298-5B1529C1AE52}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adenw\dukyyw.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware player\vsocklib.dll
O18 - Protocol: HTLFP - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vfsp - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Programme\PhotoshopElementsFileAgent.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Programme\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: ZephyrDatabase - Unknown owner - D:\Programme\Zephyr\mysql\bin\mysqld.exe
O23 - Service: Zephyr Server (ZephyrServer) - Apache Software Foundation - d:\Programme\Zephyr\apache-tomcat-5.5.28\bin\tomcat5.exe

--
End of file - 13031 bytes


I think it is great that forums like this exist and that one is not left alone. Many thanks for that!! :-)
12.07.2012, 13:48
Moderator

Posts: 5694
12.07.2012, 14:30
Member

Thread starter

Posts: 36
#4 I'll do that right away! Merci!
-----------------------------------------------------------------------------------

Step 1 - Problem description

Since yesterday Avira has been reporting an infection with TR/ATRAPS.gen2 that cannot be deleted.
Malware reports 8 problems (see log further up). I had Malware clean these 8 findings. Since then no new warning has appeared.
The system has changed in that the icons on the desktop are no longer arranged, but simply line up one after another.


Step 2 - Results from OTL

******* OTL.txt *******

OTL logfile created on: 12.07.2012 14:03:12 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Wilmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,83% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 66,41 Gb Total Space | 6,66 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Drive D: | 61,58 Gb Total Space | 23,99 Gb Free Space | 38,96% Space Free | Partition Type: NTFS

Computer Name: LUNA | User Name: Wilmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.07.12 13:57:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wilmer\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 20:38:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 20:38:32 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 20:38:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 20:38:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.09 01:16:02 | 006,094,848 | ---- | M] () -- D:\Programme\Zephyr\mysql\bin\mysqld.exe
PRC - [2012.02.09 01:16:02 | 000,057,344 | ---- | M] (Apache Software Foundation) -- d:\Programme\Zephyr\apache-tomcat-5.5.28\bin\tomcat5.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.31 12:12:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010.10.16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.10.22 05:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2009.10.22 05:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2009.10.22 05:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009.10.22 05:43:30 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\hqtray.exe
PRC - [2009.10.22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009.01.25 00:11:30 | 000,577,024 | ---- | M] (http://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008.09.16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsFileAgent.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2006.06.26 16:47:48 | 000,331,776 | ---- | M] (Acer) -- C:\Programme\Acer\OrbiCam\CameraAssistant.exe
PRC - [2006.06.23 11:40:58 | 000,086,016 | ---- | M] (Logitech) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006.06.23 11:39:54 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005.11.28 12:47:12 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005.11.28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005.11.28 12:41:14 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004.11.01 19:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.05.09 20:38:33 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.09 01:16:02 | 006,094,848 | ---- | M] () -- D:\Programme\Zephyr\mysql\bin\mysqld.exe
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.10.22 05:43:58 | 000,970,288 | ---- | M] () -- C:\Programme\VMware\VMware Player\libxml2.dll
MOD - [2009.10.22 05:43:46 | 000,068,656 | ---- | M] () -- C:\Programme\VMware\VMware Player\zlib1.dll
MOD - [2009.09.04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2009.01.25 00:12:00 | 000,095,744 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\CrashRpt.dll
MOD - [2008.06.15 16:48:08 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2006.12.04 10:25:14 | 000,022,723 | R--- | M] () -- C:\WINDOWS\system32\sugs1l3.dll
MOD - [2006.01.19 09:43:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005.11.28 12:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 12:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 12:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamservice.exe -- (MBAMService)
SRV - [2012.06.20 12:19:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 20:38:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 20:38:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.09 01:16:02 | 006,094,848 | ---- | M] () [Auto | Running] -- D:\Programme\Zephyr\mysql\bin\mysqld.exe -- (ZephyrDatabase)
SRV - [2012.02.09 01:16:02 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- d:\Programme\Zephyr\apache-tomcat-5.5.28\bin\tomcat5.exe -- (ZephyrServer)
SRV - [2011.10.31 12:12:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.10.16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.10.22 05:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.22 05:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.10.22 05:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.10.12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.09.15 01:12:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.05.14 01:15:04 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Programme\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.09.16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.06.23 11:40:58 | 000,086,016 | ---- | M] (Logitech) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.03.09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.09 20:38:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 20:38:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.31 12:12:41 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.10.31 12:12:40 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.02.24 12:04:09 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.10.22 05:45:06 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009.10.22 05:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2009.10.22 05:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2009.10.22 05:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009.10.22 05:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009.10.22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2009.10.22 01:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009.10.12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007.11.06 11:08:06 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.10.25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.06.23 11:40:58 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006.06.23 11:40:58 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006.06.19 13:20:24 | 001,097,728 | R--- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006.06.19 13:16:16 | 000,039,424 | R--- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006.01.13 18:13:18 | 004,137,984 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.11.28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.27 08:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.16 17:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005.09.09 12:21:02 | 001,120,416 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://localhost:8010"
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.2
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: rubyformatters@seleniumhq.org:1.0.0
FF - prefs.js..extensions.enabledItems: javaformatters@seleniumhq.org:1.0.0
FF - prefs.js..extensions.enabledItems: groovyformatters@seleniumhq.org:1.0.0
FF - prefs.js..extensions.enabledItems: perlformatters@seleniumhq.org:1.0.0
FF - prefs.js..extensions.enabledItems: phpformatters@seleniumhq.org:1.0.0
FF - prefs.js..extensions.enabledItems: pythonformatters@seleniumhq.org:1.0.0
FF - prefs.js..extensions.enabledItems: csharpformatters@seleniumhq.org:1.0.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.08.03 23:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.20 12:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.08 12:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.25 08:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.22 18:25:00 | 000,000,000 | ---D | M]

[2011.04.28 13:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Extensions
[2011.04.28 13:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.17 11:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Firefox\Profiles\tinal60e.default\extensions
[2011.04.27 21:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Firefox\Profiles\tinal60e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.17 11:59:05 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Firefox\Profiles\tinal60e.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2012.04.02 17:50:55 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Firefox\Profiles\tinal60e.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.03.14 23:30:20 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Mozilla\Firefox\Profiles\tinal60e.default\extensions\2020Player@2020Technologies.com
[2012.06.20 12:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.17 11:58:44 | 000,006,543 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\CSHARPFORMATTERS@SELENIUMHQ.ORG.XPI
[2011.07.27 08:26:48 | 000,003,751 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\GROOVYFORMATTERS@SELENIUMHQ.ORG.XPI
[2012.06.17 11:58:45 | 000,012,719 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\JAVAFORMATTERS@SELENIUMHQ.ORG.XPI
[2011.08.11 10:24:03 | 000,246,802 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2011.07.27 08:26:49 | 000,003,905 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\PERLFORMATTERS@SELENIUMHQ.ORG.XPI
[2011.07.27 08:26:50 | 000,004,922 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\PHPFORMATTERS@SELENIUMHQ.ORG.XPI
[2012.06.17 11:58:45 | 000,006,863 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\PYTHONFORMATTERS@SELENIUMHQ.ORG.XPI
[2012.06.17 11:58:45 | 000,012,274 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\WILMER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\TINAL60E.DEFAULT\EXTENSIONS\RUBYFORMATTERS@SELENIUMHQ.ORG.XPI
[2012.06.20 12:19:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.06.10 12:20:12 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\mozilla firefox\plugins\atgpcdec.dll
[2009.06.10 12:20:20 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\mozilla firefox\plugins\atgpcext.dll
[2009.06.10 12:22:02 | 000,046,408 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\atmccli.dll
[2009.09.23 13:21:31 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\mozilla firefox\plugins\ieatgpc.dll
[2009.06.10 12:20:32 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\mozilla firefox\plugins\npatgpc.dll
[2012.04.02 15:05:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.02 15:05:34 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.02 15:05:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.02 15:05:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.02 15:05:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.02 15:05:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Programme\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EfficientStickyNotes] File not found
O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Programme\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Programme\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-MalwareNeu\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [{C5ECC9EC-AF98-05A5-37D3-089114B1C27B}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Awluxio\uqraam.exe" File not found
O4 - HKCU..\Run: [{CC078BEB-EAC8-2F72-2298-5B1529C1AE52}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adenw\dukyyw.exe" File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Corpar] rundll32.exe "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adobe\Update\vidret.dat"" File not found
O4 - HKCU..\Run: [Phoenix Backup] C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\Wilmer\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 (• in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0985236-87B1-4857-BF35-5E21132182DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\HTLFP - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vfsp - No CLSID value found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.11.18 21:21:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{88aafc35-c331-11df-9b02-005056c00008}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{88aafc35-c331-11df-9b02-005056c00008}\Shell\verb\command - "" = F:\installer.exe
O33 - MountPoints2\{94ba0979-a1cd-11de-9ac0-0019d2242b14}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell - "" = AutoRun
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c7496bd9-f14f-11dd-9a7c-0019d2242b14}\Shell - "" = AutoRun
O33 - MountPoints2\{c7496bd9-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7496bd9-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {33BB6787-61C4-5A1D-3267-0C36B31550A0} - Browseranpassungen
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA3D10D6-828C-3E65-E2D1-DF34794CE638} - Java (Sun)
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.12 13:58:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.07.12 13:57:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wilmer\Desktop\OTL.exe
[2012.07.12 13:20:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2012.07.12 13:16:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Startmenü\Programme\Sophos
[2012.07.12 13:16:04 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2012.07.12 11:33:57 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.07.12 10:55:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.12 10:55:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.12 10:55:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-MalwareNeu
[2012.07.12 10:46:03 | 000,000,000 | ---D | C] -- C:\Programme\stinger
[2012.07.11 16:27:32 | 000,000,000 | ---D | C] -- C:\Programme\HiJackThis
[2012.07.11 15:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D55EFF0004A9E800002484D151FC4E
[2012.07.11 15:35:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Qonenag
[2012.07.11 15:35:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adenw
[2012.06.25 22:56:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Eigene Dateien\NPS
[2012.06.25 22:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.06.25 22:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\PC Suite
[2012.06.25 22:50:44 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012.06.25 22:50:38 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012.06.25 22:50:20 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2012.06.25 22:50:20 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2012.06.25 22:50:20 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2012.06.25 22:50:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2012.06.25 22:50:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2012.06.25 22:50:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2012.06.25 22:50:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2012.06.25 22:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2012.06.25 22:49:59 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2012.06.25 22:49:52 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2012.06.25 22:49:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Eigene Dateien\My NPS Files
[2012.06.25 22:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Samsung
[2012.06.25 22:49:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung New PC Studio
[2012.06.25 22:49:01 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2012.06.25 22:48:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2012.06.25 22:48:18 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2012.06.25 22:45:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2012.06.25 16:07:15 | 000,000,000 | ---D | C] -- C:\Programme\Citrix
[2012.06.20 18:30:02 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.06.17 13:25:22 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2012.06.17 13:25:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip
[2008.09.16 14:02:30 | 002,072,576 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PSViews.dll
[2008.09.16 14:02:30 | 001,851,904 | ---- | C] (Dmitry Streblechenko) -- C:\Programme\psecontact.dll
[2008.09.16 14:02:30 | 000,925,696 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgvout.004
[2008.09.16 14:02:30 | 000,923,648 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgvout.003
[2008.09.16 14:02:30 | 000,923,648 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgvout.002
[2008.09.16 14:02:30 | 000,914,432 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgvout.001
[2008.09.16 14:02:30 | 000,745,472 | ---- | C] (STLport Consulting, Inc.) -- C:\Programme\stlport_icl8046.dll
[2008.09.16 14:02:30 | 000,598,016 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\registration.dll
[2008.09.16 14:02:30 | 000,532,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ScCore.dll
[2008.09.16 14:02:30 | 000,518,656 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmcmpgdec.dll
[2008.09.16 14:02:30 | 000,516,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PseProxy.exe
[2008.09.16 14:02:30 | 000,332,800 | ---- | C] (MainConcept AG) -- C:\Programme\SonicMCDVD_32.DLL
[2008.09.16 14:02:30 | 000,278,528 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgaout.dll
[2008.09.16 14:02:30 | 000,233,472 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpegin.dll
[2008.09.16 14:02:30 | 000,118,784 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\pspluginsupport.dll
[2008.09.16 14:02:30 | 000,102,400 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgmux.dll
[2008.09.16 14:02:30 | 000,098,304 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgcap32.dll
[2008.09.16 14:02:30 | 000,024,576 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicpcmaout.dll
[2008.09.16 14:02:30 | 000,024,576 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgcheck.dll
[2008.09.16 14:02:30 | 000,022,800 | ---- | C] (Microsoft Corporation) -- C:\Programme\shfolder.dll
[2008.09.16 14:02:30 | 000,014,848 | ---- | C] (MainConcept AG (Sonic)) -- C:\Programme\sonicmpgvout.dll
[2008.09.16 14:02:28 | 032,325,632 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsOrganizer.exe
[2008.09.16 14:02:28 | 004,694,016 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PSArt.dll
[2008.09.16 14:02:28 | 001,724,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsSyncAgent.exe
[2008.09.16 14:02:28 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\Programme\primosdk.DLL
[2008.09.16 14:02:28 | 000,147,456 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\platform.DLL
[2008.09.16 14:02:28 | 000,041,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\Plugin.dll
[2008.09.16 14:02:26 | 041,873,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsEditor.exe
[2008.09.16 14:02:26 | 000,163,840 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsFileAgent.exe
[2008.09.16 14:02:20 | 004,718,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PhotoDownloader.exe
[2008.09.16 14:02:20 | 003,798,016 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\MPS.dll
[2008.09.16 14:02:20 | 002,940,928 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\Photoshop Elements 7.0.exe
[2008.09.16 14:02:20 | 002,240,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\Photoshop.dll
[2008.09.16 14:02:20 | 001,712,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\GdiPlus.dll
[2008.09.16 14:02:20 | 000,944,584 | ---- | C] (Macrovision Europe Ltd.) -- C:\Programme\FNP_Act_Installer.dll
[2008.09.16 14:02:20 | 000,659,456 | ---- | C] (Adobe systems Incorporated) -- C:\Programme\JP2KLib.dll
[2008.09.16 14:02:20 | 000,647,168 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\FileInfo.dll
[2008.09.16 14:02:20 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Programme\MSVCP71.dll
[2008.09.16 14:02:20 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Programme\MSVCR71.dll
[2008.09.16 14:02:20 | 000,221,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\pdfsettings.dll
[2008.09.16 14:02:20 | 000,217,088 | ---- | C] (Sonic Solutions) -- C:\Programme\MainConceptMPADecoder.dll
[2008.09.16 14:02:20 | 000,217,032 | ---- | C] (Macrovision Europe Ltd.) -- C:\Programme\FnpCommsSoap.dll
[2008.09.16 14:02:20 | 000,143,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\pdf2img.dll
[2008.09.16 14:02:20 | 000,077,824 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PdfPres.dll
[2008.09.16 14:02:20 | 000,073,728 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\OperaMgr.dll
[2008.09.16 14:02:20 | 000,057,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ingestionfileinfo.dll
[2008.09.16 14:02:18 | 002,580,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\CoolType.dll
[2008.09.16 14:02:18 | 002,178,560 | ---- | C] (Idee Inc) -- C:\Programme\EspionAlbum.dll
[2008.09.16 14:02:18 | 001,339,392 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\catalogtool.exe
[2008.09.16 14:02:18 | 000,667,648 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ExtendScript.dll
[2008.09.16 14:02:18 | 000,389,120 | ---- | C] (SEIKO EPSON CORPORATION.) -- C:\Programme\EPPIM2.DLL
[2008.09.16 14:02:18 | 000,303,104 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Programme\EpJpegUtil31.dll
[2008.09.16 14:02:18 | 000,241,664 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Programme\EpTiffUtil31.dll
[2008.09.16 14:02:18 | 000,030,208 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\DiscWriter.dll
[2008.09.16 14:02:16 | 021,549,056 | ---- | C] (Sonic Solutions) -- C:\Programme\AuthorScript.dll
[2008.09.16 14:02:16 | 000,668,160 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AXEDOMCore.dll
[2008.09.16 14:02:16 | 000,596,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AXSLE.dll
[2008.09.16 14:02:16 | 000,312,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ARE.dll
[2008.09.16 14:02:16 | 000,276,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\Bib.dll
[2008.09.16 14:02:16 | 000,243,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\BIBUtils.dll
[2008.09.16 14:02:16 | 000,168,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AXE16SharedExpat.dll
[2008.09.16 14:02:16 | 000,167,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AXE8SharedExpat.dll
[2008.09.16 14:02:16 | 000,131,072 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\apdboot.dll
[2008.09.16 14:02:16 | 000,110,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\APDPreferences.dll
[2008.09.16 14:02:16 | 000,028,672 | ---- | C] (Adobe Systems Inc.) -- C:\Programme\asneu.dll
[2008.09.16 14:02:16 | 000,010,752 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\apdhook.dll
[2008.09.16 14:02:14 | 012,283,904 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobePSL.dll
[2008.09.16 14:02:14 | 004,653,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobePDFL.dll
[2008.09.16 14:02:14 | 003,200,000 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AGM.dll
[2008.09.16 14:02:14 | 002,949,120 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobePhotoshopElementsMediaServer.exe
[2008.09.16 14:02:14 | 002,580,480 | ---- | C] (Macrovision Europe Ltd.) -- C:\Programme\AdobeLMOrg_libFNP.dll
[2008.09.16 14:02:14 | 002,580,480 | ---- | C] (Macrovision Europe Ltd.) -- C:\Programme\AdobeLMLnhr_libFNP.dll
[2008.09.16 14:02:14 | 001,019,904 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobeOLS.dll
[2008.09.16 14:02:14 | 000,884,736 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\AdobeOwl.dll
[2008.09.16 14:02:14 | 000,516,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobeUpdater.dll
[2008.09.16 14:02:14 | 000,041,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ahclient.dll
[2008.09.16 14:02:12 | 003,072,000 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobeLinguistic.dll
[2008.09.16 14:02:12 | 002,801,664 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\AdobeLM.dll
[2008.09.16 14:02:12 | 002,580,480 | ---- | C] (Macrovision Europe Ltd.) -- C:\Programme\AdobeLMEdit_libFNP.dll
[2008.09.16 14:02:12 | 002,580,480 | ---- | C] (Macrovision Europe Ltd.) -- C:\Programme\AdobeLM_libFNP.dll
[2008.09.16 14:02:12 | 000,855,040 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ACE.dll
[2008.09.16 14:02:12 | 000,464,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\adobe_epic.dll
[2008.09.16 14:02:12 | 000,359,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\adobe_eula.dll
[2008.09.16 14:02:12 | 000,349,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\adobe_personalization.dll
[2008.09.16 14:02:12 | 000,214,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\adobe_caps.dll
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Wilmer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Wilmer\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.07.12 13:57:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wilmer\Desktop\OTL.exe
[2012.07.12 13:45:03 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1606980848-839522115-1003UA.job
[2012.07.12 13:16:20 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\Sophos Virus Removal Tool.lnk
[2012.07.12 11:44:37 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.07.12 11:43:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.12 10:57:31 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 10:45:00 | 000,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1606980848-839522115-1003Core.job
[2012.07.12 10:33:45 | 000,221,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.12 09:19:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.11 15:44:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.09 11:35:34 | 000,003,106 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\index.html
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.01 21:49:22 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 17:42:17 | 000,002,363 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer 2012.lnk
[2012.07.01 17:39:36 | 000,002,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk
[2012.06.29 14:36:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.25 22:50:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.06.25 22:49:05 | 000,001,855 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung New PC Studio.lnk
[2012.06.25 18:08:00 | 000,000,422 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Eigene Dateien\ChatLog Zephyr Q_A with PIX Software 2012_06_25 18_08.rtf
[2012.06.25 16:06:32 | 000,060,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\g2mdlhlpx.exe
[2012.06.22 12:50:23 | 000,183,557 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\Stadtwerke Sommerkino im Landschaftspark Duisburg 14.7. bis 21.8.2011.pdf
[2012.06.20 18:30:11 | 000,001,039 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.06.20 18:29:53 | 000,001,033 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\Dropbox.lnk
[2012.06.18 11:22:43 | 000,598,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Eigene Dateien\MyStickyNotes.esn
[2012.06.17 15:05:32 | 1311,173,160 | ---- | M] () -- C:\HNBK.zip
[2012.06.17 13:26:08 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk
[2012.06.13 13:55:31 | 000,495,736 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 13:55:31 | 000,475,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 13:55:31 | 000,092,668 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 13:55:31 | 000,077,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 13:23:56 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\iexplore.lnk
[2012.06.13 09:08:15 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\license.lic
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Wilmer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Wilmer\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.07.12 13:16:20 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\Sophos Virus Removal Tool.lnk
[2012.07.12 10:55:27 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.09 11:35:34 | 000,003,106 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\index.html
[2012.06.25 22:49:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012.06.25 22:49:52 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012.06.25 22:49:05 | 000,001,855 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung New PC Studio.lnk
[2012.06.25 18:08:00 | 000,000,422 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Eigene Dateien\ChatLog Zephyr Q_A with PIX Software 2012_06_25 18_08.rtf
[2012.06.25 16:06:31 | 000,060,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\g2mdlhlpx.exe
[2012.06.22 12:39:25 | 000,183,557 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\Stadtwerke Sommerkino im Landschaftspark Duisburg 14.7. bis 21.8.2011.pdf
[2012.06.17 15:39:35 | 1311,173,160 | ---- | C] () -- C:\HNBK.zip
[2012.06.17 13:26:08 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk
[2012.06.13 13:16:52 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\iexplore.lnk
[2012.06.13 09:08:15 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Desktop\license.lic
[2011.10.23 22:27:56 | 000,041,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.07.27 11:57:50 | 000,000,926 | ---- | C] () -- C:\WINDOWS\posteriza.INI
[2011.06.27 20:30:56 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.01.31 21:54:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.04 11:18:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI
[2010.10.10 08:44:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.09.19 22:29:03 | 000,022,723 | R--- | C] () -- C:\WINDOWS\System32\sugs1l3.dll
[2010.06.10 00:09:06 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\$_hpcst$.hpc
[2010.02.01 22:35:18 | 000,000,166 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.11.04 14:45:57 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.09.15 01:15:02 | 000,050,970 | ---- | C] () -- C:\Programme\Photoshop Elements 7.0 Bitte lesen.html
[2009.09.15 01:15:01 | 000,000,025 | ---- | C] () -- C:\Programme\PhotoDownloader.ini
[2008.11.20 12:19:13 | 000,040,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.16 14:02:30 | 006,066,176 | ---- | C] () -- C:\Programme\QtGui4.dll
[2008.09.16 14:02:30 | 001,544,192 | ---- | C] () -- C:\Programme\QtCore4.dll
[2008.09.16 14:02:30 | 000,372,736 | ---- | C] () -- C:\Programme\QtOpenGL4.dll
[2008.09.16 14:02:30 | 000,331,776 | ---- | C] () -- C:\Programme\QtXml4.dll
[2008.09.16 14:02:30 | 000,323,584 | ---- | C] () -- C:\Programme\QtNetwork4.dll
[2008.09.16 14:02:30 | 000,184,320 | ---- | C] () -- C:\Programme\QtSql4.dll
[2008.09.16 14:02:30 | 000,150,416 | ---- | C] () -- C:\Programme\TypeLibrary.tlb
[2008.09.16 14:02:20 | 000,001,139 | ---- | C] () -- C:\Programme\pconfig.dcf
[2008.09.16 14:02:18 | 007,506,708 | ---- | C] () -- C:\Programme\Detector2.bin
[2008.09.16 14:02:18 | 007,420,248 | ---- | C] () -- C:\Programme\Detector1.bin
[2008.09.16 14:02:16 | 003,620,864 | ---- | C] () -- C:\Programme\authplay.dll
[2008.09.16 14:02:14 | 000,393,216 | ---- | C] () -- C:\Programme\AdobeXMP.dll
[2008.09.16 14:02:14 | 000,339,968 | ---- | C] () -- C:\Programme\AdobeXMPFiles.dll
[2008.09.16 14:02:14 | 000,000,485 | ---- | C] () -- C:\Programme\apd.ini
[2001.08.23 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{8eeafbc0-889a-9e7b-65f9-8b26e68b42f5}\@
[2001.08.23 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\{8eeafbc0-889a-9e7b-65f9-8b26e68b42f5}\@

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.20 23:22:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.07.18 22:11:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.06.09 20:22:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Encryptomatic, LLC
[2012.07.11 15:42:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D55EFF0004A9E800002484D151FC4E
[2012.03.11 18:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.09.30 12:06:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2012.06.25 22:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.02.01 22:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2012.07.12 13:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2012.06.17 13:25:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.01.22 18:40:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.06 15:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.07.12 11:40:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adenw
[2012.04.13 08:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Awluxio
[2010.09.20 23:22:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Canneverbe Limited
[2012.07.12 11:45:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Dropbox
[2011.07.05 17:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Efficient Sticky Notes
[2011.06.09 20:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Encryptomatic, LLC
[2012.04.12 22:11:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Fet
[2012.07.10 23:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\FileZilla
[2009.12.10 21:07:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\IcoFX
[2010.03.12 15:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\ImgBurn
[2011.02.20 15:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Jeyo
[2010.01.20 22:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Lexware
[2012.07.09 17:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Notepad++
[2012.06.25 22:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\PC Suite
[2011.06.09 20:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\PSTViewer
[2012.07.12 11:16:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Qonenag
[2012.06.25 22:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Samsung
[2009.02.13 12:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Subversion
[2011.04.28 17:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\TeamViewer
[2011.04.28 13:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Thunderbird
[2009.09.14 22:37:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Vocup
[2009.09.23 13:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\webex
[2009.12.30 13:15:11 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1254305667.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009.08.16 13:48:10 | 000,000,000 | ---D | M] -- C:\3a23ce8efd047de3e50fc5
[2009.05.17 01:02:36 | 000,000,000 | ---D | M] -- C:\9d2c41aa38712bbd7fe06f91dc90
[2012.04.02 17:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.09.30 11:15:29 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.12 11:34:01 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2012.07.12 13:16:04 | 000,000,000 | R--D | M] -- C:\Programme
[2008.11.18 22:14:40 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2008.11.19 20:09:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.12 11:51:18 | 000,000,000 | R--D | M] -- C:\temp
[2012.07.12 13:58:41 | 000,000,000 | ---D | M] -- C:\WINDOWS

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[2008.09.16 14:02:14 | 002,949,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\AdobePhotoshopElementsMediaServer.exe
[2008.09.16 14:02:18 | 001,339,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\catalogtool.exe
[2008.09.16 14:02:20 | 004,718,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PhotoDownloader.exe
[2008.09.16 14:02:20 | 002,940,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Photoshop Elements 7.0.exe
[2008.09.16 14:02:26 | 041,873,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsEditor.exe
[2008.09.16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsFileAgent.exe
[2008.09.16 14:02:28 | 032,325,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsOrganizer.exe
[2008.09.16 14:02:28 | 001,724,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PhotoshopElementsSyncAgent.exe
[2008.09.16 14:02:30 | 000,516,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\PseProxy.exe
Invalid Environment Variable: LOCALAPPDATA

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\d6e3dc2f83dced7b895c659826dc16b1\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2004.08.04 01:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 08:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 08:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\d6e3dc2f83dced7b895c659826dc16b1\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\d6e3dc2f83dced7b895c659826dc16b1\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-MalwareNeu\Chameleon\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\d6e3dc2f83dced7b895c659826dc16b1\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-12 07:19:44

< End of report >

********** Extras.txt *************

OTL Extras logfile created on: 12.07.2012 14:03:12 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Wilmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,83% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 66,41 Gb Total Space | 6,66 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Drive D: | 61,58 Gb Total Space | 23,99 Gb Free Space | 38,96% Space Free | Partition Type: NTFS

Computer Name: LUNA | User Name: Wilmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Wilmer\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27968397-2FC3-4D79-BD5D-E6AC44A263FE}" = TortoiseSVN 1.5.7.15182 (32 bit)
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = UMTS USB Modem Manager
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4E68D0-31A7-40E8-B993-3713847B558D}" = Subversion
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam-Software
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3069-1244-9928-3021" = JIRA 5.0.5
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"9454-8337-5140-1868" = Zephyr 4.0
"AcerOrbiCamDrv" = Acer OrbiCam-Treiber
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Airport Mania: First Flight" = Airport Mania: First Flight
"Anti-Twin 2012-04-02 17.49.39" = Anti-Twin (Installation 02.04.2012)
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Efficient Sticky Notes_is1" = Efficient Sticky Notes 1.67
"FileZilla Client" = FileZilla Client 3.0.11
"Gzip-1.3.12-1_is1" = GnuWin32: Gzip-1.3.12-1
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"IcoFX_is1" = IcoFX 1.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IntelliJ IDEA 9.0 Beta" = IntelliJ IDEA 9.0 Beta
"Jeyo Mobile Companion 2.1_is1" = Jeyo Mobile Companion 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"ProInst" = Intel(R) PROSet/Wireless Software
"Psi" = Psi (remove only)
"PuTTY_is1" = PuTTY version 0.60
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"Twist 1.1.0.7169" = Twist 1.1.0.7169
"VLC media player" = VLC media player 1.0.2
"VMware_Player" = VMware Player
"Vocup_is1" = Vocup 1.3.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Mobile Device Handbook" = Windows Mobile®-MDA Compact V Handbuch
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"xampp" = XAMPP 1.4.17
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12.07.2012 02:36:13 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46820188

Error - 12.07.2012 02:36:15 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12.07.2012 02:36:15 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46822141

Error - 12.07.2012 02:36:15 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46822141

Error - 12.07.2012 06:14:21 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12.07.2012 06:14:21 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 12.07.2012 06:14:21 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 12.07.2012 06:14:23 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12.07.2012 06:14:23 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3922

Error - 12.07.2012 06:14:23 | Computer Name = LUNA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3922

[ System Events ]
Error - 23.06.2012 12:28:38 | Computer Name = LUNA | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.93 über die
Netzwerkkarte mit der Netzwerkadresse 0016D3546CA6 ist verloren gegangen.

Error - 27.06.2012 08:16:29 | Computer Name = LUNA | Source = DCOM | ID = 10010
Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 28.06.2012 04:06:09 | Computer Name = LUNA | Source = DCOM | ID = 10010
Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.07.2012 15:05:14 | Computer Name = LUNA | Source = Service Control Manager | ID = 7034
Description = Dienst "Zephyr Server " wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 11.07.2012 09:45:36 | Computer Name = LUNA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 11.07.2012 09:45:39 | Computer Name = LUNA | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc.

Error - 11.07.2012 13:31:20 | Computer Name = LUNA | Source = Service Control Manager | ID = 7034
Description = Dienst "Zephyr Server " wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 12.07.2012 04:35:15 | Computer Name = LUNA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 12.07.2012 05:44:39 | Computer Name = LUNA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 12.07.2012 06:36:46 | Computer Name = LUNA | Source = DCOM | ID = 10010
Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >

12.07.2012, 15:15
Member

Thread starter

Posts: 36
#5 Interesting effect: when I started gmer, the computer rebooted. After that, gmer ran without problems. The log will follow as soon as the scan has finished.

12.07.2012, 18:22
Member

Thread starter

Posts: 36
#6 ***** GMER result *****

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-12 18:20:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: b6pvtw8d.exe; Driver: C:\DOKUME~1\Wilmer\LOKALE~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT BA73FDFC ZwClose
SSDT BA73FDB6 ZwCreateKey
SSDT BA73FE06 ZwCreateSection
SSDT BA73FDAC ZwCreateThread
SSDT BA73FDBB ZwDeleteKey
SSDT BA73FDC5 ZwDeleteValueKey
SSDT BA73FDF7 ZwDuplicateObject
SSDT BA73FDCA ZwLoadKey
SSDT BA73FD98 ZwOpenProcess
SSDT BA73FD9D ZwOpenThread
SSDT BA73FE1F ZwQueryValueKey
SSDT BA73FDD4 ZwReplaceKey
SSDT BA73FE10 ZwRequestWaitReplyPort
SSDT BA73FDCF ZwRestoreKey
SSDT BA73FE0B ZwSetContextThread
SSDT BA73FE15 ZwSetSecurityObject
SSDT BA73FDC0 ZwSetValueKey
SSDT BA73FE1A ZwSystemDebugControl
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6CCA640]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95DD380, 0x2188BD, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DE2E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DE2C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DE2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DE2C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\Wilmer\Desktop\b6pvtw8d.exe[4012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\Wilmer\Desktop\b6pvtw8d.exe[4012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\Wilmer\Desktop\b6pvtw8d.exe[4012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Dokumente und Einstellungen\Wilmer\Desktop\b6pvtw8d.exe[4012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000090 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000091 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000093 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000094 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000095 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)

---- EOF - GMER 1.0.15 ----

12.07.2012, 19:14
Moderator

Posts: 5694
#7 Step 1

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the following content into the text box.

Code

:OTL
O4 - HKCU..\Run: [{C5ECC9EC-AF98-05A5-37D3-089114B1C27B}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Awluxio\uqraam.exe" File not found
O4 - HKCU..\Run: [{CC078BEB-EAC8-2F72-2298-5B1529C1AE52}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adenw\dukyyw.exe" File not found
O4 - HKCU..\Run: [Corpar] rundll32.exe "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adobe\Update\vidret.dat"" File not found
O4 - HKCU..\Run: [Phoenix Backup] C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe File not found
O4 - HKLM..\Run: [EfficientStickyNotes] File not found
O33 - MountPoints2\{88aafc35-c331-11df-9b02-005056c00008}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{88aafc35-c331-11df-9b02-005056c00008}\Shell\verb\command - "" = F:\installer.exe
O33 - MountPoints2\{94ba0979-a1cd-11de-9ac0-0019d2242b14}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell - "" = AutoRun
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c7496bd9-f14f-11dd-9a7c-0019d2242b14}\Shell - "" = AutoRun
O33 - MountPoints2\{c7496bd9-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7496bd9-f14f-11dd-9a7c-0019d2242b14}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
OTL may ask for a restart. Please allow this.
• After the restart you will find a text document.
Now copy its content into your thread here, inside code tags

Step 2

Combofix may only be run if a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
• Deactivate your anti-virus and anti-spyware programs. You can normally do this by right-clicking the system tray icon. Otherwise these programs might interfere with our programs while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections around today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are asked to.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.

Once the Recovery Console has been installed by ComboFix, you should see the following message:

Click "Yes" to continue with the scan for malware.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.

12.07.2012, 22:10
Member

Thread starter

Posts: 36
#8 Many thanks for the help so far.
I started OTL with the script. The status bar now says "Killin processes: DO NOT INTERRUPT ..."
However, it has been like this for a good hour now ... Is that right, and how long can it take?
Thanks in advance and best regards.

12.07.2012, 22:28
Moderator

Posts: 5694
#9 No. Did you copy exactly the content of the text box here into the text box in the program?? Make sure there are no special characters before or after the log.

12.07.2012, 23:35
Member

Thread starter

Posts: 36
#10 Hmmm ... I aborted it and restarted. Same result ...
Any idea?

Is there a difference between the "Fix" button and the "Bereinigen" (clean up) button?
This post was edited by Forsch on 13.07.2012 at 07:34.

13.07.2012, 08:02
Moderator

Posts: 5694
#11 YES. You have to use Fix; "Bereinigen" (clean up) deletes all the tools. I think you are not following the instructions exactly! Copy the text into the text field and take a screenshot for me. The text in the text field must look exactly like it does here in the thread.

13.07.2012, 08:27
Member

Thread starter

Posts: 36
#12 As far as I can tell, that is what I am doing. I have attached a screenshot.

My procedure:
- Restart
- Close all programs
- Start OTL
- Copy the script
- Click Fix

Thanks for checking ... :-)

Attachment: otl.png

13.07.2012, 08:51
Moderator

Posts: 5694
#13 And when you click Fix, what happens?

13.07.2012, 09:01
Member

Thread starter

Posts: 36
#14 Only the message in the status bar. Killing prozesses. DO NOT INTERRUPT ...
:-(
The computer then hangs and can only be started again with a reset. The mouse pointer is there, but you can't do anything with it ...

13.07.2012, 13:23
Member

Thread starter

Posts: 36
#15 Hmmm, I have taken a closer look at the OTL script. Apart from two entries, what is supposed to be deleted is just some old junk. The entries that seem important to me are

O4 - HKCU..\Run: [{C5ECC9EC-AF98-05A5-37D3-089114B1C27B}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Awluxio\uqraam.exe" File not found
O4 - HKCU..\Run: [{CC078BEB-EAC8-2F72-2298-5B1529C1AE52}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adenw\dukyyw.exe" File not found

Actually, it should also be possible to remove these and everything else by hand in the registry, or CCleaner should do a good job.

What do you think if I proceed as follows:
- Registry analysis with CCleaner
- Throw out all entries flagged by OTL
- Restart
- Then run the OTL scan again

Looking forward to your reply :-)
Forsch
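
Whichever way the entries end up being removed, a later OTL scan can be compared against the fix script to see which targeted entries are still present. The following is an added example, not part of the thread and not OTL's own code: it parses O4 and O33 lines in the shapes visible in the fix script above (the regexes cover only those shapes, not OTL's full log format), and the re-scan excerpt with its `ExampleTool` entry is constructed.

```python
import re

# Lines copied from the fix script posted in this thread (a subset).
FIX_SCRIPT = r'''
O4 - HKCU..\Run: [{C5ECC9EC-AF98-05A5-37D3-089114B1C27B}] "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Awluxio\uqraam.exe" File not found
O4 - HKCU..\Run: [Corpar] rundll32.exe "C:\Dokumente und Einstellungen\Wilmer\Anwendungsdaten\Adobe\Update\vidret.dat"" File not found
O4 - HKLM..\Run: [EfficientStickyNotes] File not found
O33 - MountPoints2\{94ba0979-a1cd-11de-9ac0-0019d2242b14}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{c7496bd7-f14f-11dd-9a7c-0019d2242b14}\Shell - "" = AutoRun
'''

# Constructed re-scan excerpt (not from the thread): one targeted entry survived.
RESCAN = r'''
O4 - HKLM..\Run: [EfficientStickyNotes] File not found
O4 - HKLM..\Run: [ExampleTool] "C:\Programme\Example\tool.exe"
'''

MISSING = "File not found"
O4_RE = re.compile(r'^O4 - (?P<hive>HKCU|HKLM)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<volume>\{[0-9a-fA-F-]+\})\\(?P<subkey>.+?) - "" = (?P<data>.*)$')


def parse_entries(text):
    """Turn O4 (Run key) and O33 (MountPoints2) lines into dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            rest = m["rest"]
            missing = rest.endswith(MISSING)
            # The command may be empty: "[Name] File not found" carries no path.
            command = rest[:-len(MISSING)].strip() if missing else rest.strip()
            entries.append({"kind": "run", "hive": m["hive"], "name": m["name"],
                            "command": command, "missing": missing})
            continue
        m = O33_RE.match(line)
        if m:
            entries.append({"kind": "mountpoint", "volume": m["volume"].lower(),
                            "subkey": m["subkey"], "data": m["data"]})
    return entries


def entry_key(e):
    """Identity of an entry; registry names are compared case-insensitively."""
    if e["kind"] == "run":
        return ("run", e["hive"], e["name"].lower())
    return ("mountpoint", e["volume"], e["subkey"].lower())


def orphaned_run_entries(text):
    """Run values whose target file the scan reported as missing."""
    return [(e["hive"], e["name"]) for e in parse_entries(text)
            if e["kind"] == "run" and e["missing"]]


def autorun_commands(text):
    """Map volume GUID -> programs registered under a ...\\command subkey."""
    result = {}
    for e in parse_entries(text):
        if e["kind"] == "mountpoint" and e["subkey"].lower().endswith("\\command"):
            result.setdefault(e["volume"], []).append(e["data"])
    return result


def still_present(fix_text, rescan_text):
    """Entries targeted by the fix script that a later scan still lists."""
    seen = {entry_key(e) for e in parse_entries(rescan_text)}
    return [e for e in parse_entries(fix_text) if entry_key(e) in seen]


if __name__ == "__main__":
    print("orphaned Run values:", orphaned_run_entries(FIX_SCRIPT))
    print("autorun commands:", autorun_commands(FIX_SCRIPT))
    print("still present:", [e["name"] for e in still_present(FIX_SCRIPT, RESCAN)])
```

An empty result from `still_present` means none of the script's O4/O33 targets appear in the new log; it says nothing about entries the script never listed.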