wpbt0.dll - nach GVU Trojaner

Dieses Thema wpbt0.dll - nach GVU Trojaner im Forum "Viren, Trojaner, Spyware etc." wurde erstellt von tensal47, 30. Jan. 2013.

Thema: wpbt0.dll - nach GVU Trojaner Hallo, eine Bekannte hat sich gestern einen GVU-Trojaner eingefangen. Ich half ihr bislang mittels Telefon und...

  1. Hallo,
    eine Bekannte hat sich gestern einen GVU-Trojaner eingefangen.
    Ich half ihr bislang mittels Telefon und Teamviewer - denke aber, dass das doch ne größere Sache ist.

    Weshalb ich, falls möglich gerne euere Hilfe in Anspruch nehmen würde.

    --
    Erste Maßnahme war die Entfernung mittels HitmanPro Kickstart.

    Beim Windows-Start kommt dann die Meldung wpbt0.dll das angegebene Modul wurde nicht gefunden.
    Wenn man das mit OK bestätigt passiert erstmal nichts weiter.

    Über STRG+ALT+ENTF kann man explorer.exe als neuen Task starten. Die Taskleiste erscheint nicht.

    MBAM hat nichts gefunden.
    SUPER nur Tracking-Cookies.

    Es folgen die OTL-Logs.

    Vorab schonmal herzlichen Dank!



    OTL 1.1

    OTL logfile created on: 30.01.2013 21:27:26 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Name\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,65% Memory free
    7,73 Gb Paging File | 5,93 Gb Available in Paging File | 76,71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 254,14 Gb Total Space | 84,99 Gb Free Space | 33,44% Space Free | Partition Type: NTFS
    Drive D: | 29,00 Gb Total Space | 21,72 Gb Free Space | 74,92% Space Free | Partition Type: NTFS

    Computer Name: Z560 | User Name: Name | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Name\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    PRC - c:\users\Name\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
    PRC - C:\Users\Name\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
    PRC - C:\Users\Name\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe (McAfee, Inc.)
    SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
    SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
    SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
    SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
    SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
    DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
    DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)
    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
    DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
    DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
    DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
    DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
     
  2. OTL 1.2

    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...=http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...=http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://lenovo.msn.com
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.7\ytdToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{871C6DB9-6A39-49CD-A2CF-DCD73ACDACF6}: URL = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: Google
    FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.4
    FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.7
    FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.7
    FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 18:41:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.11 18:41:52 | 000,000,000 | ---D | M]

    [2011.02.12 11:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Extensions
    [2011.02.12 11:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2013.01.28 20:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\dtmy3e16.default\extensions
    [2013.01.18 11:19:40 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\dtmy3e16.default\extensions\toolbar@web.de.xpi
    [2011.12.19 16:57:42 | 000,000,933 | ---- | M] () -- C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\dtmy3e16.default\searchplugins\11-suche.xml
    [2011.12.19 16:57:42 | 000,002,419 | ---- | M] () -- C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\dtmy3e16.default\searchplugins\englische-ergebnisse.xml
    [2011.12.19 16:57:42 | 000,010,525 | ---- | M] () -- C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\dtmy3e16.default\searchplugins\gmx-suche.xml
    [2011.12.19 16:57:42 | 000,002,457 | ---- | M] () -- C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\dtmy3e16.default\searchplugins\lastminute.xml
    [2011.12.19 16:57:42 | 000,005,508 | ---- | M] () -- C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\dtmy3e16.default\searchplugins\webde-suche.xml
    [2012.10.21 10:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.09.25 05:47:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012.09.17 20:46:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012.10.21 10:19:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012.02.02 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
    [2012.02.02 07:11:41 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
    [2013.01.28 20:37:47 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2013.01.28 20:37:47 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
    [2012.09.25 05:47:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.12.11 18:41:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
    [2012.12.11 18:41:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
    [2012.12.11 18:41:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
    [2012.12.11 18:41:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
    [2012.12.11 18:41:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
    [2012.12.11 18:41:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
    [2012.12.11 18:41:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
    [2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012.09.25 05:47:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.25 05:47:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.09.25 05:47:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.09.25 05:47:20 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
    [2012.09.25 05:47:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.09.25 05:47:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.09.25 05:47:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
    [2012.02.15 13:10:38 | 000,000,894 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
     
  3. OTL 1.3
    O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.7\ytdToolbarIE.dll (Spigot, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.7\ytdToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\windows\SysNative\WerFault.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra->Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra->Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra->Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra->Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra->Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
     
  4. OTL 1.4

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.0)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A71D25-1CB2-43AF-8EFC-7A84DB467DC8}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\0tbpw.bat) - C:\ProgramData\0tbpw.bat ()
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- %1 %*
    O35:64bit: - HKLM\..exefile [open] -- %1 %*
    O35 - HKLM\..comfile [open] -- %1 %*
    O35 - HKLM\..exefile [open] -- %1 %*
    O37:64bit: - HKLM\...com [@ = comfile] -- %1 %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- %1 %*
    O37 - HKLM\...com [@ = comfile] -- %1 %*
    O37 - HKLM\...exe [@ = exefile] -- %1 %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  5. OTL 1.5

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.01.30 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\SUPERAntiSpyware.com
    [2013.01.30 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013.01.30 17:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013.01.30 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013.01.30 16:31:34 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\TeamViewer
    [2013.01.30 16:27:09 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Malwarebytes
    [2013.01.30 16:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.01.30 16:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.01.30 16:24:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013.01.30 16:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013.01.30 16:23:45 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Programs
    [2013.01.30 16:18:16 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2013.01.29 17:24:02 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2013.01.29 17:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013.01.28 20:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2013.01.28 20:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
    [2013.01.28 20:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    [2013.01.09 13:56:38 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
    [2013.01.09 13:56:38 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
    [2013.01.09 13:55:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
    [2013.01.09 13:55:41 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
    [2013.01.09 13:55:35 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
    [2013.01.09 13:55:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
    [2013.01.09 13:55:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
    [2013.01.09 13:55:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
    [2013.01.09 13:55:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
    [2013.01.09 13:55:35 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
    [2013.01.09 13:55:35 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
    [2013.01.09 13:55:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
    [2013.01.09 13:55:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
    [2013.01.09 13:55:35 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
    [2013.01.09 13:55:35 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
    [2013.01.09 13:55:35 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
    [2013.01.09 13:55:35 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
    [2013.01.09 13:55:35 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
    [2013.01.09 13:55:35 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
    [2013.01.09 13:55:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
    [2013.01.09 13:55:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
    [2013.01.09 13:55:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
    [2013.01.09 13:55:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
    [2013.01.09 13:55:35 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
    [2013.01.09 13:55:35 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
    [2013.01.09 13:55:34 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
    [2013.01.09 13:55:34 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
    [2013.01.09 13:55:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
    [2013.01.09 13:55:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
    [2013.01.09 13:55:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
    [2013.01.09 13:55:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
    [2013.01.09 13:55:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
    [2013.01.09 13:55:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
    [2013.01.09 13:55:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
    [2013.01.09 13:55:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
    [2013.01.09 13:55:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
    [2013.01.09 13:55:05 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
    [2013.01.09 13:55:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2013.01.09 13:55:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2013.01.09 13:55:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
    [2013.01.09 13:55:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2013.01.09 13:55:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
    [2013.01.09 13:55:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2013.01.09 13:55:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2013.01.09 13:55:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2013.01.09 13:55:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2013.01.09 13:55:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013.01.09 13:55:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013.01.09 13:55:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013.01.09 13:55:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013.01.09 13:55:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013.01.09 13:55:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013.01.09 13:54:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013.01.09 13:54:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2013.01.09 13:54:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2013.01.09 13:54:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013.01.09 13:54:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013.01.09 13:54:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013.01.09 13:54:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013.01.09 13:54:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2013.01.09 13:54:42 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
    [1 C:\Users\Name\Desktop\*.tmp files -> C:\Users\Name\Desktop\*.tmp -> ]
     
  6. OTL 1.6

    ========== Files - Modified Within 30 Days ==========

    [2013.01.30 20:55:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013.01.30 17:35:25 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 291d4281-ed11-4e49-bbff-c42dcccf077f.job
    [2013.01.30 17:35:25 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 1aa86882-4815-49ac-9277-c482c030ea07.job
    [2013.01.30 17:35:10 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013.01.30 16:27:20 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.01.30 16:27:19 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.01.30 16:19:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013.01.30 16:18:55 | 3113,365,504 | -HS- | M] () -- C:\hiberfil.sys
    [2013.01.29 18:13:15 | 000,001,034 | ---- | M] () -- C:\windows\SysNative\.crusader
    [2013.01.29 17:25:12 | 412,507,637 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2013.01.29 17:24:20 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
    [2013.01.28 23:30:17 | 000,000,151 | ---- | M] () -- C:\ProgramData\0tbpw.reg
    [2013.01.28 23:30:17 | 000,000,078 | ---- | M] () -- C:\ProgramData\0tbpw.bat
    [2013.01.26 15:17:08 | 000,001,016 | ---- | M] () -- C:\Users\Name\Desktop\Dropbox.lnk
    [2013.01.14 21:12:19 | 001,617,258 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013.01.14 21:12:19 | 000,695,412 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
    [2013.01.14 21:12:19 | 000,658,040 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013.01.14 21:12:19 | 000,146,452 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
    [2013.01.14 21:12:19 | 000,123,034 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013.01.11 06:58:09 | 000,435,224 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013.01.09 13:56:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2013.01.09 13:56:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [1 C:\Users\Name\Desktop\*.tmp files -> C:\Users\Name\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.01.30 17:35:25 | 000,000,512 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 291d4281-ed11-4e49-bbff-c42dcccf077f.job
    [2013.01.30 17:35:25 | 000,000,512 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 1aa86882-4815-49ac-9277-c482c030ea07.job
    [2013.01.30 17:35:10 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013.01.29 18:13:15 | 000,001,034 | ---- | C] () -- C:\windows\SysNative\.crusader
    [2013.01.29 17:23:20 | 412,507,637 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2013.01.28 23:30:17 | 000,000,151 | ---- | C] () -- C:\ProgramData\0tbpw.reg
    [2013.01.28 23:30:17 | 000,000,078 | ---- | C] () -- C:\ProgramData\0tbpw.bat
    [2013.01.28 23:30:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
    [2012.01.09 19:05:45 | 000,003,584 | ---- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.02.16 18:50:29 | 000,080,896 | ---- | C] () -- C:\windows\cadkasdeinst01.exe

    ========== ZeroAccess Check ==========

    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    ThreadingModel = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
     
  7. OTL Extra 1

    OTL Extras logfile created on: 30.01.2013 21:27:26 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Name\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,65% Memory free
    7,73 Gb Paging File | 5,93 Gb Available in Paging File | 76,71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 254,14 Gb Total Space | 84,99 Gb Free Space | 33,44% Space Free | Partition Type: NTFS
    Drive D: | 29,00 Gb Total Space | 21,72 Gb Free Space | 74,92% Space Free | Partition Type: NTFS

    Computer Name: Z560 | User Name: Name | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- %1 %*
    cmdfile [open] -- %1 %*
    comfile [open] -- %1 %*
    exefile [open] -- %1 %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- C:\Windows\System32\rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML %1 (Microsoft Corporation)
    piffile [open] -- %1 %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- %1 /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 ()
    Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 ()
    Directory [Winamp.Bookmark] -- C:\Program Files (x86)\Winamp\winamp.exe /BOOKMARK %1 (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- C:\Program Files (x86)\Winamp\winamp.exe /ADD %1 (Nullsoft, Inc.)
    Directory [Winamp.Play] -- C:\Program Files (x86)\Winamp\winamp.exe %1 (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- %1 %*
    cmdfile [open] -- %1 %*
    comfile [open] -- %1 %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
    exefile [open] -- %1 %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
    piffile [open] -- %1 %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- %1 /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 ()
    Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 ()
    Directory [Winamp.Bookmark] -- C:\Program Files (x86)\Winamp\winamp.exe /BOOKMARK %1 (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- C:\Program Files (x86)\Winamp\winamp.exe /ADD %1 (Nullsoft, Inc.)
    Directory [Winamp.Play] -- C:\Program Files (x86)\Winamp\winamp.exe %1 (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    VistaSp1 = 28 4D B2 76 41 04 CA 01 [binary data]
    AntiVirusOverride = 0
    AntiSpywareOverride = 0
    FirewallOverride = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications = 0
    EnableFirewall = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications = 0
    EnableFirewall = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    DisableNotifications = 0
    EnableFirewall = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    {0C4A804D-1AB4-4186-9996-C5F82E1308CD} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    {113811A8-8A96-4CA8-825A-97ADEDB92304} = lport=2869 | protocol=6 | dir=in | app=system |
    {223D22F3-EAD5-40C5-8471-CD73F8B20BEC} = rport=445 | protocol=6 | dir=out | app=system |
    {22BA3776-969F-4970-9470-AF941CC80980} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    {26717517-68CD-4D12-8CA9-50F931106AD1} = rport=138 | protocol=17 | dir=out | app=system |
    {295356A8-DA79-41FA-97FF-95F325085268} = rport=139 | protocol=6 | dir=out | app=system |
    {2A755BBE-5320-4764-8279-002DC87693BC} = lport=445 | protocol=6 | dir=in | app=system |
    {30821B77-5779-48BE-AE1A-255D32EA228D} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {32F09E4E-FC29-4747-8362-DB6F00DDB966} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    {373907C8-CD5B-4498-B89C-EB7E183B7F5F} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    {47C9B3D0-FDD3-4DF7-A7BD-32CB4993B400} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {50C34347-339F-4004-851C-0B52DCACA9B5} = lport=138 | protocol=17 | dir=in | app=system |
    {58918CA5-351C-453D-AB8A-E5EC949DA502} = lport=137 | protocol=17 | dir=in | app=system |
    {5A518687-EF35-4CDB-97E0-D4365C95233A} = lport=2869 | protocol=6 | dir=in | app=system |
    {5F0F6C50-96F1-43A0-B438-196AB46988CB} = lport=139 | protocol=6 | dir=in | app=system |
    {613FD252-0BD4-4856-B5C2-91F225B55C9A} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    {75FC0AC6-2F65-4F9C-8C9E-A9D7F464307C} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    {7A85DB09-B04F-4826-802D-016D42864F82} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    {9B95B1C6-F031-4FB8-A3CE-DB544466B99F} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {A29A414E-1063-4767-B234-B5B8E1327EB5} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    {A381FFDC-0DB9-4707-B80A-FFC7C0D868BA} = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    {B6C9E12A-AE33-4285-861B-62C1CE4284C5} = rport=10243 | protocol=6 | dir=out | app=system |
    {F5EC5130-625B-4B22-A949-B0622BF12335} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    {F640B847-8F4A-4EC6-8614-BD0E9554C556} = lport=10243 | protocol=6 | dir=in | app=system |
    {F7825901-DF0B-4E6A-ACFB-33186050AA52} = rport=137 | protocol=17 | dir=out | app=system |
    {FE08F8F3-1FAB-4C55-BA6C-95D7E325D07F} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    {018FB98C-AB0C-4E5B-BF12-EA4B9D03388B} = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
    {0B090190-02B1-4105-B62B-F961F60F30C4} = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    {0B38122E-0CF2-4312-A0C0-94026E9B8279} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    {0CEC6EEE-2514-46D5-BEA1-697F06B28304} = dir=out | app=c:\windows\system32\igrssvcs.exe |
    {105F6071-29B4-46C8-A043-1CFE5124F5FF} = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
    {134291FC-CFE1-4A81-850C-781BB52D9FF2} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    {14A9BC83-8DDF-4E64-943A-81952E9140E3} = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
    {1930045A-4A04-4F6C-8296-A6BACD2C057D} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    {1950620A-B22C-4D6A-AE74-31AFB1AEE46B} = protocol=6 | dir=out | app=system |
    {2788D115-0BDE-49F0-B2AB-0B67FBF4E31A} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    {2E35FD0A-FC29-4B17-ADD9-F2492D7259E6} = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    {2ED58F9C-1A26-424F-AF61-09EF4A3DCEF4} = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
    {2FCCEF87-86C8-4278-BEE7-F2224E158BAD} = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
    {34622321-7B67-4F66-9D27-FFB86692BB6D} = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    {3550DD3C-E5AC-45F4-954B-C796EF15DD64} = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {374BFDAD-1DA8-42E8-900A-D0BD76222F06} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    {38E1B9B4-8F89-465F-BC8B-453D6F074638} = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    {3AA63D2F-A1F9-4CC3-A169-974EC983195C} = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    {431D6E06-3A3C-4B08-9A30-05C9D70005A5} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    {432F8490-29E7-47B7-BF0B-3C29EA39B1D0} = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
    {4C097949-FE68-4907-8675-54F201AB460A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    {4C174B98-A2A7-41B0-AAC4-FD93FA53995F} = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    {4D193A26-00BE-4844-8756-69B02DFFE520} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    {4E2A8968-1881-4B31-984F-A749A9CBC96F} = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
    {621AD2E5-1DB0-43C1-8B20-69A8ECEF6085} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    {65A3ED19-59EC-4512-BE86-691B828E07A2} = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    {6B011DB9-56FB-4B64-8579-AC6B6FDC478E} = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    {6B0D4364-7658-4FBC-8C13-A23554E71CBE} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    {706D40F7-8EB7-4C0B-81AD-7FFF643F48B6} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    {7124B556-350C-44C6-971C-F01B1D1A03D4} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    {765E105C-6AE1-4DAA-BE15-33DFC25449F9} = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    {81C6DAD3-2C5D-4117-8CB5-AA6498964BB2} = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
    {8543656D-DE26-46A0-9AB4-B02B63E7AB08} = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
    {88847BE9-C8CC-4A4A-A9E5-619812121281} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    {890AC638-A86D-4DF0-AB7F-391E4BC168EF} = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
    {A3A63CAF-2EC1-4F03-B47E-1553537981FE} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    {A55E5FCA-5486-469C-9834-BC9975CDA8F8} = dir=in | app=c:\windows\system32\igrssvcs.exe |
    {B2841182-97FB-45FA-B720-43D847364745} = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
    {BB7A92B2-9D0D-47B4-965B-FF376CFBC835} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    {C775ED37-1303-4C0F-8E5D-895655585E4A} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    {CE87D54E-B7FB-4B73-8C78-6BD0B4115811} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    {D179AAA9-77D4-4265-9347-EE055CC6E2B2} = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    {D17C7211-900A-4537-9476-C6FBAB38E437} = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
    {EED30367-3DB7-4838-86E7-A1CC54BEE943} = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    {F36F059F-C94A-44EF-995C-A24F49958FC3} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    {F71C8F1D-090D-4E8B-8871-0B8E4BABDD4D} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    TCP Query User{02A15A23-6C8B-4F23-A4F6-1A0237DA0A6A}C:\program files (x86)\winamp\winamp.exe = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    TCP Query User{82C18CFD-EC5A-43B6-B2F6-228CBF67FFA8}C:\program files (x86)\winamp\winamp.exe = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    UDP Query User{2250E930-C38B-40E1-B96D-6E79517F6443}C:\program files (x86)\winamp\winamp.exe = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    UDP Query User{339EA666-4B61-41B2-A335-143088510E7F}C:\program files (x86)\winamp\winamp.exe = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
     
  8. OTL Extra 2

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {071c9b48-7c32-4621-a0ac-3f809523288f} = Microsoft Visual C++ 2005 Redistributable (x64)
    {0E5D76AD-A3FB-48D5-8400-8903B10317D3} = iTunes
    {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series = Canon MP560 series MP Drivers
    {1280E900-35DA-4E08-A700-B79A5B2B8532} = Microsoft Antimalware Service DE-DE Language Pack
    {26A24AE4-039D-4CA4-87B4-2F86416023FF} = Java(TM) 6 Update 23 (64-bit)
    {26A24AE4-039D-4CA4-87B4-2F86417004FF} = Java(TM) 7 Update 4 (64-bit)
    {46F4D124-20E5-4D12-BE52-EC177A7A4B42} = Lenovo OneKey Recovery
    {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} = Bonjour
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
    {90140000-002A-0000-1000-0000000FF1CE} = Microsoft Office Office 64-bit Components 2010
    {90140000-002A-0407-1000-0000000FF1CE} = Microsoft Office Shared 64-bit MUI (German) 2010
    {95120000-00B9-0409-1000-0000000FF1CE} = Microsoft Application Error Reporting
    {9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD} = Microsoft SQL Server Native Client
    {9E9D49A4-1DF4-4138-B7DB-5D87A893088E} = Lenovo Bluetooth with Enhanced Data Rate Software
    {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} = Microsoft Visual C++ 2005 Redistributable (x64)
    {B636C9B9-A3F2-4DCE-ADCC-72E095018385} = Microsoft SQL Server VSS Writer
    {B6E3757B-5E77-3915-866A-CCFC4B8D194C} = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    {C78D3032-9DFD-41D0-9DE9-58EAE750CBA4} = Microsoft Security Client
    {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} = SUPERAntiSpyware
    {D70884EA-E2CE-4539-91DB-4766CC1E5F5F} = Apple Mobile Device Support
    {DC911ADF-7B60-40F2-A112-FB1EB6402D07} = Microsoft Security Client DE-DE Language Pack
    0A4175B489A1B4A6E07E11B063A6263480C51D71 = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
    3BA80AB4C7E9F8497C115C844953A3D4BEB84D21 = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1 = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    6B8550A319DDC8B17F35F4A89988705E4592349B = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    CNXT_AUDIO_HDA = Conexant HD Audio
    Lenovo EasyCamera = Lenovo EasyCamera
    Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
    Microsoft Security Client = Microsoft Security Essentials
    NVIDIA Drivers = NVIDIA Drivers
    SynTPDeinstKey = Synaptics Pointing Device Driver
    WinRAR archiver = WinRAR

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {01FB4998-33C4-4431-85ED-079E3EEFE75D} = CyberLink YouCam
    {0CE226F3-EB27-4ECD-BBF5-F088716779FD} = Energy Management
    {17542DBF-E17C-4562-BC4D-FA3EF3076C45} = Lenovo ReadyComm 5
    {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = YTD Video Downloader 3.9
    {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    {205C6BDD-7B73-42DE-8505-9A093F35A238} = Windows Live-Uploadtool
    {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} = MSVCRT
    {26A24AE4-039D-4CA4-87B4-2F83216035FF} = Java(TM) 6 Update 37
    {2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    {2BA722D1-48D1-406E-9123-8AE5431D63EF} = Windows Live Fotogalerie
    {3B4E636E-9D65-4D67-BA61-189800823F52} = Windows Live Communications Platform
    {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} = Intel(R) Rapid Storage Technology
    {3EFEF049-23D4-4B46-8903-4592FEA51018} = Windows Live Movie Maker
    {40BF1E83-20EB-11D8-97C5-0009C5020658} = Power2Go
    {41E654A9-26D0-4EAC-854B-0FA824FFFABB} = Windows Live Messenger
    {4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
    {4cb9f93c-9edc-4be9-ae61-af128ddbecfa} = Business Contact Manager für Outlook 2007 SP2
    {50120000-1105-0000-0000-0000000FF1CE} = Microsoft Office 2007 Primary Interop Assemblies
    {52B97218-98CB-4B8B-9283-D213C85E1AA4} = Windows Live Anmelde-Assistent
    {53F5C3EE-05ED-4830-994B-50B2F0D50FCE} = Microsoft SQL Server Setup Support Files (English)
    {5FC68772-6D56-41C6-9DF1-24E868198AE6} = Windows Live Call
    {65153EA5-8B6E-43B6-857B-C6E4FC25798A} = Intel(R) Management Engine Components
    {65DA2EC9-0642-47E9-AAE2-B5267AA14D75} = Activation Assistant for the 2007 Microsoft Office suites
    {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable
    {76618402-179D-4699-A66B-D351C59436BC} = Windows Live Sync
    {76C66170-C538-4E77-B54D-48E136B5B533} = Lenovo ReadyComm 5.0 Service
    {770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} = Apple Software Update
    {86CE85E6-DBAC-3FFD-B977-E4B79F83C909} = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    {8833FFB6-5B0C-4764-81AA-06DFEED9A476} = Realtek Ethernet Controller Driver For Windows 7
    {8991E763-21F5-4DEA-A938-5D9D77DCB488} = Broadcom 802.11 Wireless Driver
    {8A74E887-8F0F-4017-AF53-CBA42211AAA5} = Microsoft Sync Framework Runtime Native v1.0 (x86)
    {90140000-0011-0000-0000-0000000FF1CE} = Microsoft Office Professional Plus 2010
    {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2010
    {90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2010
    {90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2010
    {90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2010
    {90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2010
    {90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2010
    {90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2010
    {90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2010
    {90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2010
    {90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2010
    {90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2010
    {90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2010
    {90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2010
    {90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2010
    {90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90140000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2010
    {90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601} = Microsoft Office 2010 Service Pack 1 (SP1)
    {90A40407-6000-11D3-8CFE-0150048383C9} = Microsoft Office 2003 Web Components
    {96AE7E41-E34E-47D0-AC07-1091A8127911} = Realtek USB 2.0 Card Reader
    {9BE518E6-ECC6-35A9-88E4-87755C07200F} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    {A617953D-210A-4523-B63B-0E34D5C93A27} = YTD Toolbar v6.7
    {A939D341-5A04-4E0A-BB55-3E65B386432D} = Microsoft Office Small Business Connectivity Components
    {AC76BA86-7AD7-1031-7B44-A90100000001} = Adobe Reader 9.0.1 - Deutsch
    {AC76BA86-7AD7-5670-0000-900000000003} = Korean Fonts Support For Adobe Reader 9
    {AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} = QuickTime
    {B2164CCB-C002-4B80-8550-7535D80DF237} = Lenovo DirectShare
    {B3DAF54F-DB25-4586-9EF1-96D24BB14088} = Windows Movie Maker 2.6
    {B4089055-D468-45A4-A6BA-5A138DD715FC} = Bing Bar
    {BD64AF4A-8C80-4152-AD77-FCDDF05208AB} = Microsoft Sync Framework Services Native v1.0 (x86)
    {C4D738F7-996A-4C81-B8FA-C4E26D767E41} = Windows Live Mail
    {CCE825DB-347A-4004-A186-5F4A6FDD8547} = Apple Application Support
    {D6C630BF-8DBB-4042-8562-DC9A52CB6E7E} = Intel(R) Turbo Boost Technology Driver
    {DFB19121-0609-49C1-92B1-546E5A940FE8} = Onekey Theater
    {E0A4805D-280A-4DD7-9E74-3A5F85E302A1} = Windows Live Writer
    {E2DFE069-083E-4631-9B6C-43C48E991DE5} = Junk Mail filter update
    {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} = Microsoft SQL Server 2005 Compact Edition [ENU]
    {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} = Microsoft Choice Guard
    {F8A9085D-4C7A-41a9-8A77-C8998A96C421} = Intel(R) Control Center
    {F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} = Windows Live Essentials
    {FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D} = Lenovo EasyCamera
    Activation Assistant for the 2007 Microsoft Office suites = Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin
    AudibleManager = AudibleManager
    Avira AntiVir Desktop = Avira Antivirus Premium
    Business Contact Manager = Business Contact Manager für Outlook 2007 SP2
    Canon MP560 series Benutzerregistrierung = Canon MP560 series Benutzerregistrierung
    CanonMyPrinter = Canon Utilities My Printer
    CanonSolutionMenu = Canon Utilities Solution Menu
    Easy-PhotoPrint EX = Canon Utilities Easy-PhotoPrint EX
    InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} = CyberLink YouCam
    InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} = Lenovo OneKey Recovery
    InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237} = Lenovo DirectShare
    Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware Version 1.70.0.1100
    McAfee Security Scan = McAfee Security Scan Plus
    Microsoft SQL Server 2005 = Microsoft SQL Server 2005
    Mozilla Firefox 15.0.1 (x86 de) = Mozilla Firefox 15.0.1 (x86 de)
    MozillaMaintenanceService = Mozilla Maintenance Service
    MP Navigator EX 3.0 = Canon MP Navigator EX 3.0
    Office14.PROPLUS = Microsoft Office Professional Plus 2010
    VeriFace = VeriFace
    VLC media player = VLC media player 1.1.7
    Winamp = Winamp
    WinLiveSuite_Wave3 = Windows Live Essentials
    XMind = XMind


    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    Dropbox = Dropbox
    Winamp Detect = Winamp Erkennungs-Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10.03.2012 10:44:22 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11263

    Error - 10.03.2012 10:44:22 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11263

    Error - 10.03.2012 10:44:23 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10.03.2012 10:44:23 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 12262

    Error - 10.03.2012 10:44:23 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 12262

    Error - 10.03.2012 10:44:24 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10.03.2012 17:17:16 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 13401

    Error - 10.03.2012 17:17:16 | Computer Name = Z560 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 13401

    Error - 11.03.2012 06:54:12 | Computer Name = Z560 | Source = SideBySide | ID = 16842787
    Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files
    (x86)\Windows Live\Photo Gallery\MovieMaker.Exe. Fehler in Manifest- oder Richtliniendatei
    C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL in Zeile 8. Die
    im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
    überein. Verweis: WLMFDS,processorArchitecture=AMD64,type=win32,version=1.0.0.1.
    Definition:
    WLMFDS,processorArchitecture=x86,type=win32,version=1.0.0.1. Verwenden Sie
    das Programm sxstrace.exe für eine detaillierte Diagnose.

    Error - 11.03.2012 06:54:14 | Computer Name = Z560 | Source = SideBySide | ID = 16842787
    Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files
    (x86)\Windows Live\Photo Gallery\MovieMaker.Exe. Fehler in Manifest- oder Richtliniendatei
    C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL in Zeile 8. Die
    im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
    überein. Verweis: WLMFDS,processorArchitecture=AMD64,type=win32,version=1.0.0.1.
    Definition:
    WLMFDS,processorArchitecture=x86,type=win32,version=1.0.0.1. Verwenden Sie
    das Programm sxstrace.exe für eine detaillierte Diagnose.

    [ System Events ]
    Error - 30.01.2013 11:17:39 | Computer Name = Z560 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst Avira Email Schutz ist vom Dienst Avira Echtzeit-Scanner
    abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066

    Error - 30.01.2013 11:17:39 | Computer Name = Z560 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst Avira Browser-Schutz ist vom Dienst Avira Echtzeit-Scanner
    abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066

    Error - 30.01.2013 11:17:49 | Computer Name = Z560 | Source = DCOM | ID = 10016
    Description =

    Error - 30.01.2013 11:19:10 | Computer Name = Z560 | Source = Service Control Manager | ID = 7024
    Description = Der Dienst Avira Planer wurde mit folgendem dienstspezifischem Fehler
    beendet: %%305.

    Error - 30.01.2013 11:19:10 | Computer Name = Z560 | Source = Service Control Manager | ID = 7024
    Description = Der Dienst Avira Echtzeit-Scanner wurde mit folgendem dienstspezifischem
    Fehler beendet: %%303.

    Error - 30.01.2013 11:20:01 | Computer Name = Z560 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst Avira Email Schutz ist vom Dienst Avira Echtzeit-Scanner
    abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066

    Error - 30.01.2013 11:20:01 | Computer Name = Z560 | Source = Service Control Manager | ID = 7001
    Description = Der Dienst Avira Browser-Schutz ist vom Dienst Avira Echtzeit-Scanner
    abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066

    Error - 30.01.2013 11:20:11 | Computer Name = Z560 | Source = DCOM | ID = 10016
    Description =

    Error - 30.01.2013 11:22:11 | Computer Name = Z560 | Source = Service Control Manager | ID = 7000
    Description = Der Dienst ReadyComm.DirectRouter wurde aufgrund folgenden Fehlers
    nicht gestartet: %%2

    Error - 30.01.2013 12:14:13 | Computer Name = Z560 | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  9. HJT-Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:31:06, on 30.01.2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\name\Downloads\HiJackThis204.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://lenovo.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...=http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.7\ytdToolbarIE.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.7\ytdToolbarIE.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (file missing)
    O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.7\ytdToolbarIE.dll
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] C:\Program Files (x86)\Windows Live\Installer\wlstart.exe /nosearch /nohomepage (User->SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] C:\Program Files (x86)\Windows Live\Installer\wlstart.exe /nosearch /nohomepage (User->Default user')
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra->Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra->Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra->Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O9 - Extra->Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: Dienst Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
    O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11211 bytes
     
  10. System neu aufsetzen, Antivirus installieren und updaten, Datensicherung zurückspielen.

    Alles andere ist grob fahrlässig! Wer weiß, was sich auf dem Rechner sonst noch so tummelt und über das Internet vielleicht sogar andere Rechner angreift.
    Von den Problemen, die ein Entfernen von Schadsoftware mit sich bringen kann (siehe aktuelle Symptome) mal ganz abgesehen.

    Anschließend ein Image der Systempartition machen - spart ggf. das nächste Mal viel Zeit!
    Imagedatei getrennt vom PC sicher verwahren.
     
Die Seite wird geladen...

wpbt0.dll - nach GVU Trojaner - Ähnliche Themen

Forum Datum
EXE-Dateien nach einer Zeit nicht mehr ausführbar Windows 8 Forum Gestern um 21:21 Uhr
Sperrbildschirm springt nach 3 min an Windows 10 Forum 18. Nov. 2016
Schwarzer Bildschirm nach Update auf Windows 10 Version 1607 Windows 10 Forum 4. Nov. 2016
nach eine Komplette Hardware-Wechsel kann ich meine Win 10Pro Lizenz wider aktivieren? Windows 10 Forum 20. Okt. 2016
Bug (nach Windows 10 update) Windows 10 Forum 5. Okt. 2016