Virusbefall und Logdateien

Mein Problem bei meinen PC ist, dass er einen Virus hat.
Vorher hatte sich immer beim Desktop eingeforen obwohl keine Programme liefen.
Auch während der Kennwort-Eingabe und im CD-Boot-Menü.

Ich habe eine Reparatur durchgeführt u. das SP 2 installiert. Damit sind die ständigen Fehlermeldungen verschwunden.

Ich habe Malware Bytes Anti-Malware, OTL und Defrogger durchgeführt.
(OTL lief lange wurde aber mit einer Fehlermeldung abgebrochen.)

Ich habe hier die Logdateien, aber was kann ich jetzt machen, soll ich diese Dateien einfach löschen oder in Quarantäne verschieben?

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:20 on 04/11/2012 (xxxNamexxx)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-


OTL logfile created on: 04.11.2012 16:20:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\xxxNamexxx\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 76,88% Memory free
4,23 Gb Paging File | 4,00 Gb Available in Paging File | 94,68% Paging File free
Paging file location(s): c:\pagefile.sys 2686 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 114,48 Gb Total Space | 20,33 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
Drive D: | 525,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 5,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 971,51 Mb Total Space | 962,96 Mb Free Space | 99,12% Space Free | Partition Type: FAT32

Computer Name: xxxNamexxx | User Name: xxxNamexxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.04 16:02:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\OTL.exe
PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.05.29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.07.28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.07.28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2006.09.14 10:51:54 | 002,162,688 | R--- | M] (Gainward Co.) -- C:\WINDOWS\TBPanel.exe
PRC - [2006.03.23 16:06:50 | 001,398,272 | ---- | M] (Nero AG) -- C:\Programme\Ahead\InCD\InCD.exe
PRC - [2006.03.23 16:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe
PRC - [2003.12.02 13:07:54 | 003,917,824 | ---- | M] (VIA Technologies, Inc.) -- C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
PRC - [2003.04.02 13:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.06.23 18:12:28 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010.06.23 18:11:52 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010.06.23 18:11:48 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010.06.23 18:11:48 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010.06.23 17:38:18 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2007.06.28 23:43:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006.08.09 04:52:44 | 000,032,768 | R--- | M] () -- C:\WINDOWS\TBPanelExt.dll
MOD - [2003.11.10 06:53:26 | 000,032,768 | ---- | M] () -- C:\Programme\VIA Technologies, Inc\Audio Deck\ExtendDll.dll
MOD - [1998.10.31 03:55:56 | 000,005,120 | R--- | M] () -- C:\WINDOWS\TBManage.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.28 20:24:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 17:58:34 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.10 12:24:19 | 002,309,656 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.10.09 20:49:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.09 11:27:15 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.02.26 23:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.07.28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2006.03.23 16:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.04.02 13:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Fxdrv.sys -- (FXDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012.10.04 12:07:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.12.11 17:38:04 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2010.11.22 21:04:07 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.11.22 21:04:06 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.11.09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2006.03.23 16:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006.03.23 16:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006.03.23 16:00:28 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2003.10.03 01:45:56 | 000,411,008 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio)
DRV - [2003.08.21 15:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2003.08.05 07:14:32 | 000,077,056 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002.07.27 17:01:06 | 000,005,306 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2002.07.27 17:01:06 | 000,005,306 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2001.12.05 17:00:00 | 000,011,237 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DstVid.sys -- (DstVid)
DRV - [2001.12.05 17:00:00 | 000,008,901 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DstAud.sys -- (DstAud)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{00654977-8F38-7B75-0D30-16600A45EEB7}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtDtCyC0CtB0DtCtD0CzzzzyB0AtCtN0D0Tzu0CtByDyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=230397589

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Handy - Festnetz - Internet - Mobiles Internet - TV | A1.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{00654977-8F38-7B75-0D30-16600A45EEB7}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=3712_4&babsrc=SP_ss&mntrId=b4e187a100000000000000016c2d10c8
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826466F726D3D494538535243&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=3712_4&babsrc=SP_ss&mntrId=b4e187a100000000000000016c2d10c8
IE - HKCU\..\SearchScopes\{4EDE95F2-12B9-4B6C-8E8B-15A619742C70}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6189BC42-5363-4BC2-B288-C9DAAD3661E9}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435433323237393832&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{B0BEEAF5-C367-4030-A233-1F5CEE8DAAEF}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B67DD2CB-13E3-46C0-BC7D-E1D445A1BB0D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=aef76d0d-7acc-418a-8cab-46f551b7ae13&apn_sauid=B9422D57-35B8-4F13-9E55-2380A49D2F6F
IE - HKCU\..\SearchScopes\{D09F767F-5A07-4607-A60C-B9DC1D167C35}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D91B3FD8-F962-4F3B-813C-5B79774CB2F8}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{FB2EB95E-1D36-4923-B2E8-2EAE3865C961}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=87243d50-ec65-4768-bf2e-59b91cf56428&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.startup.homepage: "http://www.google.at/firefox"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=aef76d0d-7acc-418a-8cab-46f551b7ae13&apn_ptnrs=%5EAGU&apn_sauid=B9422D57-35B8-4F13-9E55-2380A49D2F6F&apn_dtid=%5EYYYYYY%5EYY%5EAT&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 20:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.01 13:15:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\inlinetranslate@inlinetranslate.com: C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\inlinetranslate@inlinetranslate.com [2012.08.09 11:27:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.11 00:12:49 | 000,000,000 | ---D | M]

[2010.11.19 11:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Extensions
[2012.11.02 11:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions
[2012.08.21 20:43:10 | 000,000,000 | ---D | M] (appbario8 Community Toolbar) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\{0cc09160-108c-4759-bab1-5c12c216e005}
[2012.08.01 23:17:45 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.05.10 20:19:10 | 000,000,000 | ---D | M] ("Fox Splitter") -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\foxsplitter@piro.sakura.ne.jp
[2012.08.09 11:27:23 | 000,000,000 | ---D | M] (Translator) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\inlinetranslate@inlinetranslate.com
[2012.11.02 10:46:58 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\toolbar@ask.com
[2012.09.10 18:20:05 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\toolbar@stumbleupon.com
[2012.08.22 22:11:44 | 000,110,795 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\extension@preispilot.com.xpi
[2012.07.25 12:01:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.01 23:17:41 | 000,172,310 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.02 10:46:58 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\askcom.xml
[2012.09.10 18:15:28 | 000,002,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\BabylonMngr.xml
[2012.08.09 11:27:37 | 000,001,129 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\bProtect.xml
[2012.08.09 11:27:37 | 000,001,129 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\conduit.xml
[2012.09.10 18:33:30 | 000,002,337 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\Search.xml
[2012.08.09 11:27:37 | 000,004,228 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\sweetim.xml
[2012.08.09 11:27:37 | 000,004,003 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\youtube.xml
[2012.08.09 11:27:37 | 000,002,079 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\{0DD4FC75-9547-4455-932C-E6E05DF66A25}.xml
[2012.08.09 11:27:37 | 000,002,190 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\{A0B712C9-1BE6-4E7D-9359-FB6DEA0D41D1}.xml
[2012.08.09 11:27:37 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\{D5F1BDEA-55AC-4C28-91AC-363A76D08614}.xml
[2012.08.09 11:27:38 | 000,001,096 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Mozilla\Firefox\Profiles\syapmhfc.default\searchplugins\{EF3B0C8C-3BB4-4A98-9083-BD46D58B764A}.xml
[2012.09.07 21:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 20:24:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.13 23:58:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 18:15:00 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.10.13 23:58:44 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.13 23:58:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.13 23:58:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.13 23:58:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.13 23:58:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003.04.02 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDeck] C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75FDC008-F81F-4C76-B25F-B5FF4611B06E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22630~1.40\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.19 08:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.04.02 13:00:00 | 000,000,112 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006.12.11 21:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{45c80641-f3ae-11df-b222-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{45c80641-f3ae-11df-b222-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45c80641-f3ae-11df-b222-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2003.04.02 13:00:00 | 002,580,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{e67303f8-175b-11e0-b2c9-00016c2d10c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e67303f8-175b-11e0-b2c9-00016c2d10c8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e67303f8-175b-11e0-b2c9-00016c2d10c8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006.12.07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006.12.07 19:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.04 16:02:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\OTL.exe
[2012.11.04 14:23:02 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012.11.04 14:23:02 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012.11.04 14:23:02 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.11.04 14:20:52 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012.11.04 12:03:23 | 000,274,432 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012.11.03 14:15:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\fontconfig
[2012.11.03 14:15:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\.gimp-2.8
[2012.11.03 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\gegl-0.2
[2012.11.02 10:52:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Avira
[2012.11.02 10:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.11.02 10:46:44 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2012.11.02 10:46:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2012.11.02 10:46:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.11.02 10:46:09 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.11.02 10:46:09 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.11.02 10:46:09 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.11.02 10:46:03 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.11.02 10:46:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.10.12 20:49:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Eigene Dateien\Dropbox
[2012.10.12 20:46:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Dropbox
[2012.10.08 21:14:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2012.10.08 21:14:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\Panasonic
[2012.10.07 11:56:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Panasonic
[2012.10.07 11:56:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Panasonic
[2012.10.07 11:56:14 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic
[2012.10.07 11:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2012.10.07 11:56:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.04 16:24:11 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2012.11.04 16:19:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\defogger_reenable
[2012.11.04 16:11:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.04 16:03:06 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\9lunjzgk.exe
[2012.11.04 16:02:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\OTL.exe
[2012.11.04 16:02:22 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\Defogger.exe
[2012.11.04 15:02:00 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012.11.04 15:00:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 15:00:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012.11.04 14:29:24 | 000,516,508 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.04 14:29:24 | 000,493,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.04 14:29:24 | 000,100,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.04 14:29:24 | 000,083,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.04 14:26:05 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.11.04 14:24:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012.11.04 14:20:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.11.04 14:20:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.11.04 14:19:57 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2012.11.04 14:19:34 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012.11.04 14:17:25 | 000,022,864 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.11.04 14:15:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.11.04 12:13:08 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.04 00:37:43 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.11.04 00:33:33 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.03 13:16:44 | 000,019,094 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.22 20:58:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\.gtk-bookmarks
[2012.10.20 13:22:26 | 000,064,512 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.07 11:57:05 | 000,001,722 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HD Writer AE 3.0.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.04 16:19:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\defogger_reenable
[2012.11.04 16:03:03 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\9lunjzgk.exe
[2012.11.04 16:02:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Desktop\Defogger.exe
[2012.11.04 15:01:56 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Startmenü\Programme\Internet Explorer.lnk
[2012.11.04 14:22:54 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012.11.04 14:22:30 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012.11.04 14:22:21 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.11.04 14:22:20 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012.11.04 14:22:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012.11.04 14:21:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012.11.04 14:21:13 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012.11.04 14:21:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012.11.04 14:20:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.11.04 14:08:35 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012.11.04 14:08:35 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012.11.04 14:08:35 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012.11.04 14:08:35 | 000,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012.11.04 14:08:35 | 000,013,898 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012.11.04 14:08:35 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012.11.04 14:08:35 | 000,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012.11.04 14:08:35 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012.11.04 14:08:35 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012.11.04 14:08:35 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012.11.04 14:08:34 | 001,904,251 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012.11.04 14:08:34 | 000,483,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012.11.04 12:05:46 | 000,351,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012.11.03 13:16:44 | 000,019,094 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.11.02 10:46:54 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.10.22 20:58:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\.gtk-bookmarks
[2012.10.07 11:57:05 | 000,001,722 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HD Writer AE 3.0.lnk
[2012.09.20 23:49:02 | 000,007,701 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Neues Dokument 1.2012_09_21_00_49_02.0
[2012.09.20 20:04:38 | 000,006,137 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Unbenanntes Dokument 2.2012_09_20_21_04_38.0
[2012.09.10 18:29:13 | 000,384,844 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\funmoods-speeddial.crx
[2012.09.10 18:29:09 | 000,031,465 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\funmoods.crx
[2012.08.31 15:14:21 | 000,938,554 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1645522239-606747145-839522115-1004-0.dat
[2012.08.31 15:14:20 | 000,261,482 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.07.21 19:35:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012.04.11 21:28:04 | 000,023,324 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.12.24 19:30:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011.11.17 21:13:00 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2011.10.28 19:34:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011.10.28 19:34:19 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011.10.28 19:34:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011.10.28 19:29:46 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2011.07.23 09:59:08 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2011.07.17 13:01:03 | 000,000,276 | ---- | C] () -- C:\WINDOWS\game.ini
[2011.05.08 14:21:54 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2011.04.04 16:42:22 | 000,179,764 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2011.04.04 16:42:21 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2011.04.04 15:39:03 | 000,106,909 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011.02.21 17:27:57 | 000,179,779 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011.02.21 17:27:57 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2011.02.04 23:37:17 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011.02.04 23:37:17 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011.02.04 23:37:15 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011.02.04 23:37:15 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011.02.04 23:37:13 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011.02.04 23:37:13 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011.02.04 23:37:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011.02.04 23:37:12 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011.02.04 23:37:08 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2011.02.04 20:05:04 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.02.04 20:05:01 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.02.04 20:05:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.02.04 20:04:38 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.06 15:47:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.05 09:38:21 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010.11.23 17:35:49 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.23 17:35:39 | 000,234,536 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.11.23 17:31:30 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.11.22 21:04:07 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.11.22 21:04:06 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.11.22 00:15:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010.11.19 15:27:29 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Ÿ9Ÿ9
[2010.11.19 14:15:54 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxNamexxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.19 11:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.19 10:28:50 | 000,019,556 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010.11.19 09:49:23 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2010.11.19 09:47:11 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.11.19 09:45:22 | 000,032,768 | R--- | C] () -- C:\WINDOWS\TBPanelExt.dll
[2010.11.19 09:45:22 | 000,005,120 | R--- | C] () -- C:\WINDOWS\TBManage.dll
[2010.11.19 09:45:21 | 000,026,624 | R--- | C] () -- C:\WINDOWS\TBZoom.exe
[2010.11.19 09:29:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010.11.19 08:40:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.11.19 08:37:06 | 000,022,864 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.11.19 08:27:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.19 08:26:16 | 000,257,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.10.13 12:33:54 | 000,008,560 | ---- | C] () -- C:\Programme\pcwEmptyFolder.hta

========== ZeroAccess Check ==========

[2011.02.02 11:33:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2003.04.02 13:00:00 | 001,341,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2003.04.02 13:00:00 | 000,565,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2003.04.02 13:00:00 | 000,259,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.27 23:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy
[2012.09.10 18:14:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.01.27 23:02:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Belkin
[2012.10.11 00:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager
[2012.07.27 11:38:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.07.22 22:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lionhead Studios
[2010.11.19 11:59:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2012.09.13 23:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.11.19 12:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012.10.08 21:14:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2012.09.05 21:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pictomio
[2012.08.04 09:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2012.09.10 18:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2012.09.01 09:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.11.19 21:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.01.20 12:10:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8AB7D599-D73A-4A0C-A96B-44FCD7FD2FA4}
[2011.01.20 12:09:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A98ABCA6-042C-4AA6-A883-BCF6AE2E95D2}
[2011.01.20 12:09:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BEB9F3F2-73A8-4726-8571-1F9179EFDF9B}
[2012.09.10 18:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\4Free
[2012.08.08 22:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Amazon
[2012.07.27 11:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Anvsoft
[2012.09.13 22:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\avidemux
[2012.09.10 18:14:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Babylon
[2012.09.10 18:15:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\BabylonToolbar
[2011.05.16 19:56:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Bioshock
[2011.02.13 11:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Blender Foundation
[2012.09.09 10:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\DesktopIconForAmazon
[2012.01.24 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\digital publishing
[2012.11.02 11:04:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Dropbox
[2011.02.04 00:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\fretsonfire
[2011.06.18 16:34:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\GameSave Manager 2
[2010.11.24 17:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\GetRightToGo
[2012.11.03 13:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\gtk-2.0
[2010.12.14 18:15:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\IcoFX
[2012.09.20 19:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Inkscape
[2012.07.22 22:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Lionhead Studios
[2012.09.13 23:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\MAGIX
[2010.11.19 11:59:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\mquadr.at
[2012.07.21 19:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\OCS
[2010.11.20 10:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\OpenOffice.org
[2012.07.21 19:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Opera
[2012.07.28 15:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Oracle
[2012.09.10 18:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Softonic
[2012.09.10 18:20:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\StumbleUpon
[2012.08.01 23:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Talkative IRC
[2011.02.02 12:17:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\WeGame

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:73BDADA8
< End of report >


OTL Extras logfile created on: 04.11.2012 16:20:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\xxxNamexxx\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 76,88% Memory free
4,23 Gb Paging File | 4,00 Gb Available in Paging File | 94,68% Paging File free
Paging file location(s): c:\pagefile.sys 2686 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 114,48 Gb Total Space | 20,33 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
Drive D: | 525,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 5,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 971,51 Mb Total Space | 962,96 Mb Free Space | 99,12% Space Free | Partition Type: FAT32

Computer Name: xxxNamexxx | User Name: xxxNamexxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile

Editiert:

---

-- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile

Editiert:

---

-- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\Msmsgs.exe" = C:\Programme\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\PC-Spiele\Anno1701.exe" = C:\Programme\PC-Spiele\Anno1701.exe:*:Enabled:Anno 1701
"C:\Programme\PC-Spiele\Battlefield 2\BF2.exe" = C:\Programme\PC-Spiele\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\WINDOWS\Temp\Installer.exe" = C:\WINDOWS\Temp\Installer.exe:*:Enabled:Installer -- (mquadr.at software engineering & consulting GmbH - Web: mquadr.at :: Self-Service Connectivity Software for Internet Access Providers - Mail: office@mquadr.at)
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller -- (mquadr.at software engineering and consulting GmbH, web: mquadr.at :: Self-Service Connectivity Software for Internet Access Providers, mail: office@mquadr.at)
"C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire
"C:\Programme\PC-Spiele\Timeshift\bin\TimeShift.exe" = C:\Programme\PC-Spiele\Timeshift\bin\TimeShift.exe:*isabled:TimeShift
"C:\Programme\Steam\SteamApps\chris188715\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\chris188715\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Programme\PC-Spiele\Age of Empires II\EMPIRES2.EXE" = C:\Programme\PC-Spiele\Age of Empires II\EMPIRES2.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Programme\Steam\SteamApps\chris188715\team fortress classic\hl.exe" = C:\Programme\Steam\SteamApps\chris188715\team fortress classic\hl.exe:*:Enabled:Team Fortress Classic -- (Valve)
"C:\Programme\Steam\SteamApps\chris188715\half-life\hl.exe" = C:\Programme\Steam\SteamApps\chris188715\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabledienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Steam\SteamApps\common\Max Payne 2 The Fall of Max Payne\maxpayne2.exe" = C:\Programme\Steam\SteamApps\common\Max Payne 2 The Fall of Max Payne\maxpayne2.exe:*:Enabled:Max Payne 2: The Fall of Max Payne -- (Remedy Entertainment)
"C:\Programme\Steam\SteamApps\common\Max Payne\maxpayne.exe" = C:\Programme\Steam\SteamApps\common\Max Payne\maxpayne.exe:*:Enabled:Max Payne -- (Remedy Entertainment)
"C:\Programme\Steam\SteamApps\common\earthworm jim\Earthworm Jim 1\runme.exe" = C:\Programme\Steam\SteamApps\common\earthworm jim\Earthworm Jim 1\runme.exe:*:Enabled:Earthworm Jim -- ()
"C:\Programme\Steam\SteamApps\common\earthworm jim\Earthworm Jim 2\runme.exe" = C:\Programme\Steam\SteamApps\common\earthworm jim\Earthworm Jim 2\runme.exe:*:Enabled:Earthworm Jim 2 -- ()
"C:\Programme\Steam\SteamApps\common\earthworm jim\Earthworm Jim 3D\EarthwormJim3D.exe" = C:\Programme\Steam\SteamApps\common\earthworm jim\Earthworm Jim 3D\EarthwormJim3D.exe:*:Enabled:Earthworm Jim 3D -- ()
"C:\Programme\Steam\SteamApps\chris188715\opposing force\hl.exe" = C:\Programme\Steam\SteamApps\chris188715\opposing force\hl.exe:*:Enabled:Half-Life: Opposing Force -- (Valve)
"C:\Programme\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe" = C:\Programme\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe:*:Enabled:Vampire: The Masquerade - Bloodlines -- ()
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\mIRC\uninstall.exe _=C\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\uninstall.exe _=C\Programme\mIRC\mirc.exe:*:Enabled:mIRC
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
"C:\Programme\Talkative IRC\Talkative IRC.exe" = C:\Programme\Talkative IRC\Talkative IRC.exe:*:Enabled:Talkative IRC -- (infiero)
"C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\xxxNamexxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabledropbox


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{27D7F575-4AA0-4C12-AA68-128E1C8979F7}" = Scarface: The World is Yours
"{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}" = The Movies(TM) 1.1 Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C84149C6-0CF4-4003-BF6F-B9E70E3ACB90}_is1" = InlineTranslate für Firefox
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Mythology 1.0" = Age of Mythology
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"appbario8 Toolbar" = appbario8 Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BabylonToolbar" = Babylon toolbar on IE
"Battle.net" = Battle.net
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Blender" = Blender (remove only)
"BTmod" = Oblivion - BTmod 2.20
"Call of Duty" = Call of Duty
"Controller" = Controller
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"D-Fend Reloaded" = D-Fend Reloaded 1.0.2 (deinstallieren)
"Frets on Fire" = Frets On Fire
"Gainward" = EXPERTool
"GameSave Manager_2.0" = GameSave Manager
"Golden Age of Racing/DE-German_is1" = Golden Age of Racing
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IcoFX_is1" = IcoFX 1.6.4
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Inkscape" = Inkscape 0.46
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{27D7F575-4AA0-4C12-AA68-128E1C8979F7}" = Scarface: The World is Yours
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"IrfanView" = IrfanView (remove only)
"MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"MAGIX_{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"memoFOTO" = memoFOTO 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Painkiller Black Edition" = Painkiller Black Edition
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"Pictomio" = Pictomio
"RollerCoaster Tycoon Setup" = Roll
"RPG Maker 2000 Vampires" = RPG Maker 2000 - Vampires Dawn
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SearchAnonymizer" = SearchAnonymizer
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic" = Softonic toolbar on IE
"Steam App 105600" = Terraria
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 38480" = Earthworm Jim
"Steam App 440" = Team Fortress 2
"Steam App 50" = Half-Life: Opposing Force
"Steam App 70" = Half-Life
"Talkative IRC_is1" = Talkative IRC 0.4.4.16
"Ultima IX" = Ultima IX
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.5
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"CodeBlocks" = CodeBlocks
"OnlineFestplatte" = aon Online Festplatte (entfernen)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.11.2012 11:17:08 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:11 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:13 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:16 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:18 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:21 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:24 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:33 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:18:15 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:20:25 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

[ Application Events ]
Error - 04.11.2012 11:17:08 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:11 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:13 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:16 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:18 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:21 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:24 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:17:33 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:18:15 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 04.11.2012 11:20:25 | Computer Name = xxxNamexxx | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

[ System Events ]
Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Browser
Manager.

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Microsoft
.NET Framework NGEN v4.0.30319_X86.

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
folgendem dienstspezifischem Fehler beendet: 2147952506 (0x8007277A).

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%10106

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst SearchAnonymizer.

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 04.11.2012 11:14:09 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1083

Error - 04.11.2012 11:15:27 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 04.11.2012 11:15:27 | Computer Name = xxxNamexxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
FltMgr
< End of report >


Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.29.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Hoffer xxxNamexxx :: xxxNamexxx [Administrator]

Schutz: Aktiviert

04.11.2012 17:28:19
mbam-log-2012-11-04 (17-47-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204947
Laufzeit: 18 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 23
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Daten: c92b9fa1b7c79a31ff1a6f6430bf6053 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Hoffer xxxNamexxx\Lokale Einstellungen\Temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\SVKP.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
(Ende)

Bitte helft mir. Mein System XP Home SP2 AMD Athlon XP 2600 1.9 Ghz, 1,7 Gb RAM, 7600 GT 256 MB,

---

---

 

Hy,

kannst du mir vielleicht noch sagen ob die Möglichkeit besteht, das der Virus einer meiner privaten Dateien vielleicht kopiert haben könnte? Also das ein anderer Nutzer diese nun hat?

by

 

Ja, war sehr gut beschrieben.

Was mir noch aufällt ist beim AntiVir, dass er bei mir 26 versteckte Objekte findet.

Was sind versteckte Objekte, sind die gefährlich?

Außerdem hat er bei mir das hier angezeigt.
C:\System Volume Information\_restore{99A994AD-37ED-4B42-96A3-8D6C47D3082A}\RP49\A0029617.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!

Diese Datei gehört zu Antivir selber oder? Soll ich sie löschen?