Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 06.01.2012, 23:33   #1
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Liebes Trojaner-Board-Team!
Leider habe ich mir den Trojaner eingefangen, der den Bildschirm schwärzt und um die Zahlung von 50€ bittet (Aus Sicherheitsgründen wurde ihr Windows-System gesperrt usw.)
Ich bin jetzt im abgesicherten Modus unterwegs. Eine Systemwiederherstellung habe ich bereits probiert, nach dem Neustart wurde mir jedoch angezeigt, dass diese gescheitert sei. Auch ein zweiter Versuch brachte nichts. Avira hat auch nichts gefunden.
Nur seid ihr meine Hoffnung. Meine Daten habe ich gesichert, aber ich würde lieber von einer Neuinstallation von Windows absehen, da ich einige Programm-CDs nicht hier habe (Die sind ja hier im "Programme-Ordner, aber ich weiß nicht, ob das was nützt?) Außerdem hab ich keine Recovery CD, sondern eine Partition und ich weiß ebenfalls nicht, wie man das benutzt...
Da wohl schon viele andere das Problem hatten, könnt ihr mir vielleicht helfen :-)
P.S: Ich nutze Windows Vista

Alt 07.01.2012, 00:34   #2
Larusso
/// Selecta Jahrusso
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich innerhalb der nächsten 3 Tage keine Antwort, auf diesen sowie allen weiteren Antworten, von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.


Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Downloade dir bitte srep.exe und speichere diese auf einen USB Stick.
Wichtig: Nicht in einen Ordner speichern.
  • Starte den infizierten Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste. Danach solltest Du einige Optionen zur Auswahl haben. Navigiere mit den Pfeiltasten zu Abgesicherter Modus mit Eingabeaufforderung und drücke Enter
    ** Hinweis: Es kann sein, dass eine andere F Taste gedrückt werden muss, um in die Startoptionen zu kommen.
  • Logge dich nun in das infizierte Benutzerkonto ein.
  • Schließe den USB Stick an den infizierten Rechner an.
  • Nun ist etwas Handarbeit gefragt.
    • Du musst zuerst heraus finden, welchen Laufwerksbuchstaben der USB Stick hat.
    • Dazu gib bitte einfach E: ein und drücke Enter. Sollte folgende Meldung kommen.
      Zitat:
      Das System kann das angegeben Laufwerk nicht finden
      versuche einen anderen Laufwerksbuchstaben. ( zB F: )
  • Sobald Du den richtigen Laufwerksbuchstaben gefunden hast, gib folgendes ein und drücke Enter.
    start srep.exe
  • Drücke nun auf Scan.
  • Lass das Tool in Ruhe laufen. Der Rechner wird automatisch neu starten.
Auf deinen USB Stick befindet sich eine shell.txt. Bitte poste diese in deiner nächsten Antwort.

Hinweis: Es ist gut möglich, dass du bereits nach dem Scan wieder auf deinen Rechner zugreifen kannst.
__________________

__________________

Alt 07.01.2012, 00:45   #3
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Danke Daniel, ich werde das gleich morgen Vormittag durchführen.
Ich bin ja schon im abgesicherten Modus, der funktioniert soweit. Um die Datei runterzuladen und am Stick zu speichern, muss ich da in den normalen Modus wechseln oder kann ich das gleich so machen? Der normale Modus geht halt nur ohne Internet.
Edit: Du schreibst abgesicherter Modus mit Eingabeaufforderung. Kann ich auch den mit Netzwerk wählen? Der funktioniert soweit und schein recht benutzerfreundlich zu sein :-)
__________________

Alt 07.01.2012, 00:50   #4
Larusso
/// Selecta Jahrusso
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Abgesicherter Modus mit Netzwerktreibern. Nimm das mal und wenn der läuft, vergiss die Anleitung von oben.


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Wenn der Scan beendet wurde, wird sich ein Textdokument öffnen.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 07.01.2012, 11:58   #5
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Morgen :-)

Habe Otl durchlaufen lassen und die beiden Dateien geöffnet. Kann ich die dateien hier auch anhängen? Der Inhalt ist ja vllt etwas sehr lang.


Alt 07.01.2012, 12:09   #6
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Ah ich sehe, probiere mal das Code-Tag.
Hier die OTL:
Code:
ATTFilter
OTL logfile created on: 07.01.2012 11:39:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,37% Memory free
6,18 Gb Paging File | 5,87 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 46,99 Gb Free Space | 34,44% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,68% Space Free | Partition Type: NTFS
 
Computer Name: SARAHS-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.07 11:33:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL (1).exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011.06.29 02:20:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 20:01:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.11.27 16:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.09.11 11:27:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.04.28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.04.19 14:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.29 02:20:51 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 02:20:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.21 06:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.13 09:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009.07.12 04:16:00 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.06.23 13:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.03.06 08:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.11.12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=5080911
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.westernunion.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EF 78 2B 64 F7 C9 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.07 17:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.11 13:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.18 22:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.18 22:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.18 22:10:51 | 000,000,000 | ---D | M]
 
[2010.09.08 10:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010.09.08 10:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.09.22 15:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\extensions
[2008.09.22 15:44:17 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.12.03 22:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\3qib48nw.default\extensions
[2010.06.27 14:05:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\3qib48nw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.03 22:47:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\3qib48nw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.20 19:22:18 | 000,002,101 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\3qib48nw.default\searchplugins\googlede.xml
[2011.12.11 13:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.11 13:25:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.11 13:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.11 13:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.11 13:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.11 13:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.11 13:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.11 13:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: AT_AnnaSui = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: Google-Suche = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Lincmediaplayer) - {fbaa6932-b59b-4854-8041-27a233394ba3} - C:\Program Files\screensaver\screensaver\adxloader.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {b6bb2c0a-8d74-4664-a1cd-103bd9a69de9} - C:\Program Files\screensaver\screensaver\adxloader.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Omnipage] C:\Programme\ScanSoft\TextBridgePro11.0\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{ECA90706-7FF8-11DD-BB15-806E6F6E6963}] C:\Users\Sarah\AppData\Roaming\Microsoft\loadhst.exe (The Pidgin developer community)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D5F74B4-90F3-4138-9F8C-56DEB244F45D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79EEE1DB-BBCA-443D-8726-D8FE9380097C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0625642-A9E2-4B40-BA6F-97350C96DF31}: DhcpNameServer = 193.254.160.1 10.74.83.22
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08e9d38c-cc4b-11de-ac3c-00219bdd3f74}\Shell - "" = AutoRun
O33 - MountPoints2\{08e9d38c-cc4b-11de-ac3c-00219bdd3f74}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5636feed-16c3-11de-b601-00219bdd3f74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{70c0d010-95f1-11e0-b836-00219bdd3f74}\Shell - "" = AutoRun
O33 - MountPoints2\{70c0d010-95f1-11e0-b836-00219bdd3f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{70c0d051-95f1-11e0-b836-00219bdd3f74}\Shell - "" = AutoRun
O33 - MountPoints2\{70c0d051-95f1-11e0-b836-00219bdd3f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Programme\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpFolder: C:^Users^Sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Programme\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= -  File not found
MsConfig - StartUpReg: dscactivate - hkey= - key= -  File not found
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: lxczbmgr.exe - hkey= - key= - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 11:33:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL (1).exe
[2011.12.31 19:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.12.31 19:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2011.12.22 16:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2008.09.21 17:46:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2008.09.21 17:46:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2008.09.21 17:46:50 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2008.09.21 17:46:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2008.09.21 17:46:49 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2008.09.21 17:46:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2008.09.21 17:46:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2008.09.21 17:46:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2008.09.21 17:46:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2008.09.21 17:46:48 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2008.09.21 17:46:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2008.09.21 17:46:48 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2008.09.21 17:46:48 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2008.09.21 17:46:48 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2008.09.21 17:46:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.07 11:34:22 | 000,625,804 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 11:34:22 | 000,593,614 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 11:34:22 | 000,125,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 11:34:22 | 000,103,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.07 11:33:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL (1).exe
[2012.01.07 11:30:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 11:26:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 11:26:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.07 11:26:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 11:26:51 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.01.07 11:26:43 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.01.06 23:12:47 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373455535-416975833-342867069-1000UA.job
[2012.01.06 23:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.06 22:30:40 | 000,389,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.06 22:20:13 | 000,001,356 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2012.01.06 12:46:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.01.05 23:14:36 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373455535-416975833-342867069-1000Core.job
[2012.01.05 17:35:29 | 000,002,631 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk
[2012.01.05 15:03:59 | 000,012,056 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\SmarThruOptions.xml
[2011.12.31 19:47:32 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011.12.31 16:42:50 | 000,296,645 | ---- | M] () -- C:\Users\Sarah\Documents\Rechnung Dezember R-Call.pdf
[2011.12.22 16:36:22 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.12.22 16:36:22 | 000,001,640 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2011.12.16 19:30:00 | 000,002,044 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2011.12.11 13:22:45 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.31 16:42:50 | 000,296,645 | ---- | C] () -- C:\Users\Sarah\Documents\Rechnung Dezember R-Call.pdf
[2011.12.22 16:36:22 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.12.22 16:36:22 | 000,001,640 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2011.11.17 14:30:07 | 000,012,056 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\SmarThruOptions.xml
[2011.11.17 14:29:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.11.17 14:28:20 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.11.17 14:28:15 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011.11.17 14:22:50 | 000,482,408 | ---- | C] () -- C:\Windows\SSndii.exe
[2011.11.17 14:20:26 | 000,124,792 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.06.22 10:43:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll
[2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011.01.07 16:17:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.01.07 16:17:24 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.10.21 20:49:20 | 000,000,583 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.06.26 23:14:07 | 000,000,600 | ---- | C] () -- C:\Users\Sarah\AppData\Local\PUTTY.RND
[2010.04.11 19:27:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.03 22:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.02 09:17:13 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.09.11 13:00:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 13:00:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.17 10:04:38 | 000,001,356 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2008.09.21 17:46:50 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2008.09.21 17:46:50 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2008.09.20 16:40:38 | 000,000,100 | ---- | C] () -- C:\Windows\lexstat.ini
[2008.09.18 16:10:22 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008.09.18 16:10:22 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2008.09.18 16:10:22 | 000,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008.09.17 18:12:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.17 18:12:30 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.09.16 15:05:29 | 000,037,888 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.16 14:58:41 | 000,001,248 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2008.09.16 14:35:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.11 20:55:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.09.11 20:55:42 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.09.11 20:55:42 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.09.11 20:55:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.09.11 20:55:42 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.09.11 20:55:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.02.06 07:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 08:15:58 | 000,625,804 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,125,804 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.07 17:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006.12.09 04:54:38 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,389,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,593,614 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,428 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.07 13:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.27 11:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006.03.07 11:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[1999.01.23 02:46:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009.02.21 19:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe_Limited
[2011.06.03 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Cocoon Software
[2011.12.03 22:47:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft
[2011.12.03 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.28 12:36:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Epudnu
[2009.10.03 18:10:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GlarySoft
[2011.06.03 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0
[2010.12.04 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2011.06.03 23:09:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\IrfanView
[2011.05.25 13:03:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PCDr
[2011.06.03 22:30:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\RawTherapee
[2011.01.07 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Samsung
[2010.10.21 20:50:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ScanSoft
[2011.07.25 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Simfy
[2009.12.02 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TeamViewer
[2008.09.16 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
[2010.09.08 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2011.10.21 11:24:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uznyud
[2011.02.14 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WordToPDF
[2012.01.07 11:26:51 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.12.11 13:22:45 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.01.06 22:54:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.07 11:26:43 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.09.16 14:18:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.25 15:57:01 | 000,000,000 | ---D | M] -- C:\aa4de2fe928cdcab241f81
[2011.03.31 02:41:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.31 19:47:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008.09.16 15:52:42 | 000,000,000 | ---D | M] -- C:\DELL
[2008.03.10 14:17:18 | 000,000,000 | ---D | M] -- C:\doctemp
[2008.09.16 14:14:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.09.21 17:42:32 | 000,000,000 | ---D | M] -- C:\Drivers
[2008.10.04 16:12:06 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.09.18 16:10:22 | 000,000,000 | ---D | M] -- C:\KPCMS
[2009.04.20 19:07:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.31 19:47:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.01 19:44:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.09.16 14:14:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.06 22:53:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.05 20:35:01 | 000,000,000 | ---D | M] -- C:\temp
[2008.09.16 14:17:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.06 22:58:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-06 11:23:35
 
<           >

< End of report >
         
Und Extras:
Code:
ATTFilter
OTL Extras logfile created on: 07.01.2012 11:39:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,37% Memory free
6,18 Gb Paging File | 5,87 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 46,99 Gb Free Space | 34,44% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,68% Space Free | Partition Type: NTFS
 
Computer Name: SARAHS-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032338F6-2E61-4CA9-B002-AE5540775455}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2714E2ED-7608-4B1F-B241-3CEE1B0BF916}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{398F0288-5038-4F43-8B14-ACB705F56703}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72DD82F3-8D84-4B0E-9EF9-DED81984D4E7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{932783C2-71BA-49CB-8C19-E4DEB2C3E260}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB39AED5-967B-4907-A3E1-E581926A2884}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AFCCFB05-D4B1-4082-9124-A67E2695EFCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C311CA07-B4A4-4471-B9F4-421BE5AD54EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D17E21AB-970C-420C-9608-968BA37B9F4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0672C694-A01F-4C62-A8C4-BD6C1DC3F62F}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{0B283CBE-AFD2-4702-B83E-58E621785384}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\local\temp\insb27a\setup\bin\maininst.exe | 
"{12566401-C2F5-4569-82D2-B552E0F240D5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{20DE5B43-C8DB-4AA5-B797-6E02112CA846}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{210E026D-A7F2-4F01-A0D5-C9E84CC4F297}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3180\sscan2io.exe | 
"{21376087-2FB0-4409-9EB8-D64ECF438641}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{27DCF0B2-F2EF-4A4E-B768-3EA97BA4241E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3173B81B-EBF6-46D3-8D9D-B634BC841F02}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5AD4F6CC-6BF8-464B-B835-B583DE7D352D}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3180\sscan2io.exe | 
"{5EAB0DA7-0C74-4EAE-9E3E-9201AA316258}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3180\scan2pc.exe | 
"{65B17E1D-3B88-427A-B5A4-281066500367}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{72660AB1-588C-47CC-8F3B-D80FDB79CE8E}" = protocol=6 | dir=in | app=c:\program files\scan assistant\usdagent.exe | 
"{81776548-03B0-4D5A-964C-312BC84598A7}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\local\temp\insb27a\setup\bin\maininst.exe | 
"{8584D45F-F1DE-48DE-94DF-CE2FA7237D67}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{8D848421-928A-44D1-8B5E-0E133C24722A}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{8ED08F09-3D41-4BFC-BFC0-7C619C8E5D20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D91E14A-696F-48DF-8C33-0795D922465F}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9DED20CA-A80E-4D96-B439-14F28FFF3763}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A13311C2-7589-4B01-9B5A-653670AC0AB2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B4C5A24E-59C3-4FA5-A3F6-2CA62ED65564}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{BA697C97-BCD2-411C-9FCF-1C8F80172677}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3180\scan2pc.exe | 
"{BEA623F5-6067-4047-BC78-953A604FC770}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C59BB2CC-F181-4576-8AD7-357ABF3630DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D2046B22-B40C-4F51-AC85-88CE9397E175}" = protocol=17 | dir=in | app=c:\program files\scan assistant\usdagent.exe | 
"{D4F7649D-7F98-401C-B668-FFFDFB89C216}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{D6DF0C0C-8F2A-45E8-8040-B637EFC5391B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7A1E2C1-6A3F-447A-89C4-F6032F4FDEB1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{D9AF0B52-AD0F-4220-8F2B-0253986B9D4D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{E0BF0144-FD56-499F-893E-976ED206C527}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E5FE6134-3727-4266-B1F3-40141DA369BE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{ECCBA913-217B-4DC7-A881-4253B97B2BDA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{F34E7412-40D6-4698-BD43-F1618CF12553}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{1F52E775-BEA6-4BA4-851A-2718B5A59F9C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2673A41E-435F-4E29-8EAE-C1A7C68DEACA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{40E7A5DF-EEE7-4BA6-91A5-A202F3B12023}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{64558183-9674-45CA-978B-7D1D31E53AD3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8B24DE95-8703-47C4-A0CE-4209F6DA9602}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{9E5A1780-6D66-4078-B9CB-C8671CDE00D0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{EC2CA10E-6DBB-4F8F-8AD6-7F6ACBB1B0F4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{FCAC23C1-3B78-476F-9B7D-5FC668FE6B4F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{0ED87BFA-A344-4359-AD67-E58EE5C7E59B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3E1086A1-D9DC-4B84-8D35-6E48C37CD871}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{935CDB31-B206-4006-B471-E7577DDD46B3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{9FBD93BA-0449-45B1-9C00-9CA88DAAC7CE}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{BC7A1918-F38F-4C1A-852C-1B9EDE8582DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CC662A34-DDBC-4ED8-8D8E-F0A595994B14}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EB0DBD58-E51C-468B-815E-D924756D8930}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{EC16F05E-7F62-4424-8F34-ED53175EB4C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F574BD4-0F5E-47FB-9B25-E9C529710096}" = TextBridge Pro 11.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.64
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell Support Center" = Dell Support Center
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"etope Lister_is1" = 1.25
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"Glary Utilities_is1" = Glary Utilities 2.16.0.758
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"PhotoFiltre" = PhotoFiltre
"RealVNC_is1" = VNC Free Edition 4.1.3
"Samsung CLX-3180 Series" = Wartung Samsung CLX-3180 Series
"Samsung Scan Assistant" = Samsung Scan Assistant
"Shockwave" = Shockwave
"Simfy" = simfy
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Works2001Setup" = Microsoft Works 2001-Setup-Start
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Quick Media Converter
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.09.2011 04:10:31 | Computer Name = Sarahs-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.09.2011 04:10:42 | Computer Name = Sarahs-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.09.2011 04:14:29 | Computer Name = Sarahs-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 958  Anfangszeit: 01cc7e7f337cb150  Zeitpunkt der Beendigung:
 16
 
Error - 29.09.2011 04:21:13 | Computer Name = Sarahs-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 17dc  Anfangszeit: 01cc7e7fd28cffc0  Zeitpunkt der Beendigung:
 16
 
Error - 29.09.2011 04:26:01 | Computer Name = Sarahs-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 29.09.2011 04:26:02 | Computer Name = Sarahs-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 29.09.2011 04:27:14 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:14:4070)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 9f8591c3-5048-42f7-9553-387b30449f54-0b26b1b3-6704-4eda-91d4-4dd27d06dbc3
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
Error - 29.09.2011 04:27:14 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:14:8440)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 8a6735b1-c078-4648-9416-b6bb29ec3dc1-73fdd448-4cd1-4d2f-86e3-82118f142adf
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
Error - 29.09.2011 04:27:19 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:19:3050)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 5dc4b59a-1f5d-427b-9110-b820c717226b-ea99f498-b3c1-4a2b-9d4b-6d47b924982d
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
Error - 29.09.2011 04:27:19 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:19:4460)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 07439fd5-7039-4014-b635-5bf088a1465b-a714733b-603b-4dbe-8f4f-78a8e338fb7b
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
[ OSession Events ]
Error - 29.09.2009 04:19:30 | Computer Name = Sarahs-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.01.2012 06:28:16 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2012 06:28:16 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2012 06:30:06 | Computer Name = Sarahs-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.01.2012 um 11:28:36 unerwartet heruntergefahren.
 
Error - 07.01.2012 06:30:21 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.01.2012 06:30:31 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.01.2012 06:30:33 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.01.2012 06:30:32 | Computer Name = Sarahs-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 07.01.2012 06:31:31 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 07.01.2012 06:31:31 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.01.2012 06:33:20 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         

Alt 07.01.2012, 12:12   #7
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Ah ich sehe, probiere mal das Code-Tag.
Hier die OTL:
Code:
ATTFilter
OTL logfile created on: 07.01.2012 11:39:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,37% Memory free
6,18 Gb Paging File | 5,87 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 46,99 Gb Free Space | 34,44% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,68% Space Free | Partition Type: NTFS
 
Computer Name: SARAHS-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.07 11:33:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL (1).exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011.06.29 02:20:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 20:01:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.11.27 16:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.09.11 11:27:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.04.28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.04.19 14:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.29 02:20:51 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 02:20:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.21 06:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.13 09:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009.07.12 04:16:00 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.06.23 13:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.03.06 08:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.11.12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=5080911
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.westernunion.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EF 78 2B 64 F7 C9 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.07 17:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.11 13:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.18 22:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.18 22:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.18 22:10:51 | 000,000,000 | ---D | M]
 
[2010.09.08 10:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010.09.08 10:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.09.22 15:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\extensions
[2008.09.22 15:44:17 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.12.03 22:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\3qib48nw.default\extensions
[2010.06.27 14:05:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\3qib48nw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.03 22:47:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\3qib48nw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.20 19:22:18 | 000,002,101 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\3qib48nw.default\searchplugins\googlede.xml
[2011.12.11 13:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.11 13:25:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.11 13:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.11 13:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.11 13:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.11 13:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.11 13:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.11 13:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: AT_AnnaSui = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: Google-Suche = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Lincmediaplayer) - {fbaa6932-b59b-4854-8041-27a233394ba3} - C:\Program Files\screensaver\screensaver\adxloader.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {b6bb2c0a-8d74-4664-a1cd-103bd9a69de9} - C:\Program Files\screensaver\screensaver\adxloader.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Omnipage] C:\Programme\ScanSoft\TextBridgePro11.0\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{ECA90706-7FF8-11DD-BB15-806E6F6E6963}] C:\Users\Sarah\AppData\Roaming\Microsoft\loadhst.exe (The Pidgin developer community)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D5F74B4-90F3-4138-9F8C-56DEB244F45D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79EEE1DB-BBCA-443D-8726-D8FE9380097C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0625642-A9E2-4B40-BA6F-97350C96DF31}: DhcpNameServer = 193.254.160.1 10.74.83.22
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08e9d38c-cc4b-11de-ac3c-00219bdd3f74}\Shell - "" = AutoRun
O33 - MountPoints2\{08e9d38c-cc4b-11de-ac3c-00219bdd3f74}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5636feed-16c3-11de-b601-00219bdd3f74}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{70c0d010-95f1-11e0-b836-00219bdd3f74}\Shell - "" = AutoRun
O33 - MountPoints2\{70c0d010-95f1-11e0-b836-00219bdd3f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{70c0d051-95f1-11e0-b836-00219bdd3f74}\Shell - "" = AutoRun
O33 - MountPoints2\{70c0d051-95f1-11e0-b836-00219bdd3f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Programme\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpFolder: C:^Users^Sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Programme\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= -  File not found
MsConfig - StartUpReg: dscactivate - hkey= - key= -  File not found
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: lxczbmgr.exe - hkey= - key= - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 11:33:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL (1).exe
[2011.12.31 19:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.12.31 19:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2011.12.22 16:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2008.09.21 17:46:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2008.09.21 17:46:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2008.09.21 17:46:50 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2008.09.21 17:46:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2008.09.21 17:46:49 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2008.09.21 17:46:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2008.09.21 17:46:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2008.09.21 17:46:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2008.09.21 17:46:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2008.09.21 17:46:48 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2008.09.21 17:46:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2008.09.21 17:46:48 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2008.09.21 17:46:48 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2008.09.21 17:46:48 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2008.09.21 17:46:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.07 11:34:22 | 000,625,804 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 11:34:22 | 000,593,614 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 11:34:22 | 000,125,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 11:34:22 | 000,103,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.07 11:33:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL (1).exe
[2012.01.07 11:30:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 11:26:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 11:26:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.07 11:26:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 11:26:51 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.01.07 11:26:43 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.01.06 23:12:47 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373455535-416975833-342867069-1000UA.job
[2012.01.06 23:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.06 22:30:40 | 000,389,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.06 22:20:13 | 000,001,356 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2012.01.06 12:46:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.01.05 23:14:36 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373455535-416975833-342867069-1000Core.job
[2012.01.05 17:35:29 | 000,002,631 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk
[2012.01.05 15:03:59 | 000,012,056 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\SmarThruOptions.xml
[2011.12.31 19:47:32 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011.12.31 16:42:50 | 000,296,645 | ---- | M] () -- C:\Users\Sarah\Documents\Rechnung Dezember R-Call.pdf
[2011.12.22 16:36:22 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.12.22 16:36:22 | 000,001,640 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2011.12.16 19:30:00 | 000,002,044 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2011.12.11 13:22:45 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.31 16:42:50 | 000,296,645 | ---- | C] () -- C:\Users\Sarah\Documents\Rechnung Dezember R-Call.pdf
[2011.12.22 16:36:22 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.12.22 16:36:22 | 000,001,640 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2011.11.17 14:30:07 | 000,012,056 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\SmarThruOptions.xml
[2011.11.17 14:29:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.11.17 14:28:20 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.11.17 14:28:15 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011.11.17 14:22:50 | 000,482,408 | ---- | C] () -- C:\Windows\SSndii.exe
[2011.11.17 14:20:26 | 000,124,792 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.06.22 10:43:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll
[2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011.01.07 16:17:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.01.07 16:17:24 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.10.21 20:49:20 | 000,000,583 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.06.26 23:14:07 | 000,000,600 | ---- | C] () -- C:\Users\Sarah\AppData\Local\PUTTY.RND
[2010.04.11 19:27:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.03 22:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.02 09:17:13 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.09.11 13:00:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 13:00:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.17 10:04:38 | 000,001,356 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2008.09.21 17:46:50 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2008.09.21 17:46:50 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2008.09.20 16:40:38 | 000,000,100 | ---- | C] () -- C:\Windows\lexstat.ini
[2008.09.18 16:10:22 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008.09.18 16:10:22 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2008.09.18 16:10:22 | 000,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008.09.17 18:12:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.17 18:12:30 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.09.16 15:05:29 | 000,037,888 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.16 14:58:41 | 000,001,248 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2008.09.16 14:35:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.11 20:55:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.09.11 20:55:42 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.09.11 20:55:42 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.09.11 20:55:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.09.11 20:55:42 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.09.11 20:55:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.02.06 07:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 08:15:58 | 000,625,804 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,125,804 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.07 17:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006.12.09 04:54:38 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,389,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,593,614 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,428 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.07 13:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.27 11:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006.03.07 11:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[1999.01.23 02:46:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009.02.21 19:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canneverbe_Limited
[2011.06.03 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Cocoon Software
[2011.12.03 22:47:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft
[2011.12.03 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.28 12:36:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Epudnu
[2009.10.03 18:10:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GlarySoft
[2011.06.03 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0
[2010.12.04 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2011.06.03 23:09:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\IrfanView
[2011.05.25 13:03:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PCDr
[2011.06.03 22:30:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\RawTherapee
[2011.01.07 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Samsung
[2010.10.21 20:50:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ScanSoft
[2011.07.25 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Simfy
[2009.12.02 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TeamViewer
[2008.09.16 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
[2010.09.08 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2011.10.21 11:24:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uznyud
[2011.02.14 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WordToPDF
[2012.01.07 11:26:51 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.12.11 13:22:45 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.01.06 22:54:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.07 11:26:43 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.09.16 14:18:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.25 15:57:01 | 000,000,000 | ---D | M] -- C:\aa4de2fe928cdcab241f81
[2011.03.31 02:41:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.31 19:47:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008.09.16 15:52:42 | 000,000,000 | ---D | M] -- C:\DELL
[2008.03.10 14:17:18 | 000,000,000 | ---D | M] -- C:\doctemp
[2008.09.16 14:14:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.09.21 17:42:32 | 000,000,000 | ---D | M] -- C:\Drivers
[2008.10.04 16:12:06 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.09.18 16:10:22 | 000,000,000 | ---D | M] -- C:\KPCMS
[2009.04.20 19:07:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.31 19:47:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.01 19:44:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.09.16 14:14:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.06 22:53:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.05 20:35:01 | 000,000,000 | ---D | M] -- C:\temp
[2008.09.16 14:17:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.06 22:58:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-06 11:23:35
 
<           >

< End of report >
         
Und Extras:
Code:
ATTFilter
OTL Extras logfile created on: 07.01.2012 11:39:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,37% Memory free
6,18 Gb Paging File | 5,87 Gb Available in Paging File | 95,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 46,99 Gb Free Space | 34,44% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,68% Space Free | Partition Type: NTFS
 
Computer Name: SARAHS-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032338F6-2E61-4CA9-B002-AE5540775455}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2714E2ED-7608-4B1F-B241-3CEE1B0BF916}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{398F0288-5038-4F43-8B14-ACB705F56703}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72DD82F3-8D84-4B0E-9EF9-DED81984D4E7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{932783C2-71BA-49CB-8C19-E4DEB2C3E260}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB39AED5-967B-4907-A3E1-E581926A2884}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AFCCFB05-D4B1-4082-9124-A67E2695EFCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C311CA07-B4A4-4471-B9F4-421BE5AD54EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D17E21AB-970C-420C-9608-968BA37B9F4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0672C694-A01F-4C62-A8C4-BD6C1DC3F62F}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{0B283CBE-AFD2-4702-B83E-58E621785384}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\local\temp\insb27a\setup\bin\maininst.exe | 
"{12566401-C2F5-4569-82D2-B552E0F240D5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{20DE5B43-C8DB-4AA5-B797-6E02112CA846}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{210E026D-A7F2-4F01-A0D5-C9E84CC4F297}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3180\sscan2io.exe | 
"{21376087-2FB0-4409-9EB8-D64ECF438641}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{27DCF0B2-F2EF-4A4E-B768-3EA97BA4241E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3173B81B-EBF6-46D3-8D9D-B634BC841F02}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5AD4F6CC-6BF8-464B-B835-B583DE7D352D}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3180\sscan2io.exe | 
"{5EAB0DA7-0C74-4EAE-9E3E-9201AA316258}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3180\scan2pc.exe | 
"{65B17E1D-3B88-427A-B5A4-281066500367}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{72660AB1-588C-47CC-8F3B-D80FDB79CE8E}" = protocol=6 | dir=in | app=c:\program files\scan assistant\usdagent.exe | 
"{81776548-03B0-4D5A-964C-312BC84598A7}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\local\temp\insb27a\setup\bin\maininst.exe | 
"{8584D45F-F1DE-48DE-94DF-CE2FA7237D67}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{8D848421-928A-44D1-8B5E-0E133C24722A}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{8ED08F09-3D41-4BFC-BFC0-7C619C8E5D20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D91E14A-696F-48DF-8C33-0795D922465F}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9DED20CA-A80E-4D96-B439-14F28FFF3763}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A13311C2-7589-4B01-9B5A-653670AC0AB2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B4C5A24E-59C3-4FA5-A3F6-2CA62ED65564}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{BA697C97-BCD2-411C-9FCF-1C8F80172677}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3180\scan2pc.exe | 
"{BEA623F5-6067-4047-BC78-953A604FC770}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C59BB2CC-F181-4576-8AD7-357ABF3630DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D2046B22-B40C-4F51-AC85-88CE9397E175}" = protocol=17 | dir=in | app=c:\program files\scan assistant\usdagent.exe | 
"{D4F7649D-7F98-401C-B668-FFFDFB89C216}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{D6DF0C0C-8F2A-45E8-8040-B637EFC5391B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7A1E2C1-6A3F-447A-89C4-F6032F4FDEB1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{D9AF0B52-AD0F-4220-8F2B-0253986B9D4D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{E0BF0144-FD56-499F-893E-976ED206C527}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E5FE6134-3727-4266-B1F3-40141DA369BE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{ECCBA913-217B-4DC7-A881-4253B97B2BDA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{F34E7412-40D6-4698-BD43-F1618CF12553}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{1F52E775-BEA6-4BA4-851A-2718B5A59F9C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2673A41E-435F-4E29-8EAE-C1A7C68DEACA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{40E7A5DF-EEE7-4BA6-91A5-A202F3B12023}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{64558183-9674-45CA-978B-7D1D31E53AD3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8B24DE95-8703-47C4-A0CE-4209F6DA9602}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{9E5A1780-6D66-4078-B9CB-C8671CDE00D0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{EC2CA10E-6DBB-4F8F-8AD6-7F6ACBB1B0F4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{FCAC23C1-3B78-476F-9B7D-5FC668FE6B4F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{0ED87BFA-A344-4359-AD67-E58EE5C7E59B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3E1086A1-D9DC-4B84-8D35-6E48C37CD871}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{935CDB31-B206-4006-B471-E7577DDD46B3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{9FBD93BA-0449-45B1-9C00-9CA88DAAC7CE}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{BC7A1918-F38F-4C1A-852C-1B9EDE8582DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CC662A34-DDBC-4ED8-8D8E-F0A595994B14}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EB0DBD58-E51C-468B-815E-D924756D8930}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{EC16F05E-7F62-4424-8F34-ED53175EB4C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F574BD4-0F5E-47FB-9B25-E9C529710096}" = TextBridge Pro 11.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.64
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell Support Center" = Dell Support Center
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"etope Lister_is1" = 1.25
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"Glary Utilities_is1" = Glary Utilities 2.16.0.758
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"PhotoFiltre" = PhotoFiltre
"RealVNC_is1" = VNC Free Edition 4.1.3
"Samsung CLX-3180 Series" = Wartung Samsung CLX-3180 Series
"Samsung Scan Assistant" = Samsung Scan Assistant
"Shockwave" = Shockwave
"Simfy" = simfy
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Works2001Setup" = Microsoft Works 2001-Setup-Start
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Quick Media Converter
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.09.2011 04:10:31 | Computer Name = Sarahs-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.09.2011 04:10:42 | Computer Name = Sarahs-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.09.2011 04:14:29 | Computer Name = Sarahs-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 958  Anfangszeit: 01cc7e7f337cb150  Zeitpunkt der Beendigung:
 16
 
Error - 29.09.2011 04:21:13 | Computer Name = Sarahs-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.2.4262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 17dc  Anfangszeit: 01cc7e7fd28cffc0  Zeitpunkt der Beendigung:
 16
 
Error - 29.09.2011 04:26:01 | Computer Name = Sarahs-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 29.09.2011 04:26:02 | Computer Name = Sarahs-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 29.09.2011 04:27:14 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:14:4070)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 9f8591c3-5048-42f7-9553-387b30449f54-0b26b1b3-6704-4eda-91d4-4dd27d06dbc3
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
Error - 29.09.2011 04:27:14 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:14:8440)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 8a6735b1-c078-4648-9416-b6bb29ec3dc1-73fdd448-4cd1-4d2f-86e3-82118f142adf
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
Error - 29.09.2011 04:27:19 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:19:3050)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 5dc4b59a-1f5d-427b-9110-b820c717226b-ea99f498-b3c1-4a2b-9d4b-6d47b924982d
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
Error - 29.09.2011 04:27:19 | Computer Name = Sarahs-PC | Source = PC-Doctor | ID = 1
Description = (5652) Asapi: (10:27:19:4460)(5652) DEFECT.LOCALIZATION - Error --
 Missing String: 07439fd5-7039-4014-b635-5bf088a1465b-a714733b-603b-4dbe-8f4f-78a8e338fb7b
 : short-descr1 locale: PCDLocale: language = de, customer = dell, variant = dsc

 
[ OSession Events ]
Error - 29.09.2009 04:19:30 | Computer Name = Sarahs-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.01.2012 06:28:16 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2012 06:28:16 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2012 06:30:06 | Computer Name = Sarahs-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.01.2012 um 11:28:36 unerwartet heruntergefahren.
 
Error - 07.01.2012 06:30:21 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.01.2012 06:30:31 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.01.2012 06:30:33 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.01.2012 06:30:32 | Computer Name = Sarahs-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 07.01.2012 06:31:31 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 07.01.2012 06:31:31 | Computer Name = Sarahs-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.01.2012 06:33:20 | Computer Name = Sarahs-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         

Alt 07.01.2012, 16:02   #8
Larusso
/// Selecta Jahrusso
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:otl
O4 - HKCU..\Run: [{ECA90706-7FF8-11DD-BB15-806E6F6E6963}] C:\Users\Sarah\AppData\Roaming\Microsoft\loadhst.exe (The Pidgin developer community)

:files
dir /a /s /b "C:\Users\Sarah\AppData\Roaming\Epudnu" /c
dir /a /s /b "C:\Users\Sarah\AppData\Roaming\Uznyud" /c
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore" /c

:commands
[emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
    Kopiere nun den Inhalt hier in Deinen Thread


Berichte ob du nun wieder auf das System zugreifen kannst.



Bitte poste in deiner nächsten Antwort
OTL FIx Log
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 07.01.2012, 18:09   #9
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Ui, es scheint wieder zu funktionieren :-)

Hier mal die Datei:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ECA90706-7FF8-11DD-BB15-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECA90706-7FF8-11DD-BB15-806E6F6E6963}\ not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\loadhst.exe moved successfully.
========== FILES ==========
< dir /a /s /b "C:\Users\Sarah\AppData\Roaming\Epudnu" /c >
C:\Users\Sarah\AppData\Roaming\Epudnu\lyusbik.dat
C:\Users\Sarah\AppData\Roaming\Epudnu\lyusbik.oci
C:\Users\Sarah\AppData\Roaming\Epudnu\lyusbik.tmp
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
< dir /a /s /b "C:\Users\Sarah\AppData\Roaming\Uznyud" /c >
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore" /c >
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56516 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sarah
->Temp folder emptied: 2616471659 bytes
->Temporary Internet Files folder emptied: 376264622 bytes
->Java cache emptied: 2098700 bytes
->FireFox cache emptied: 688689536 bytes
->Google Chrome cache emptied: 42137383 bytes
->Flash cache emptied: 308808 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115908952 bytes
RecycleBin emptied: 6347111285 bytes
 
Total Files Cleaned = 9.717,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_175326

Files\Folders moved on Reboot...
File\Folder C:\Users\Sarah\AppData\Local\Temp\2011-08-22-1173620963_04-RG.PDF  not found!

Registry entries deleted on Reboot...
         
Soll ich jetzt auch die wichtigen Passwörter ändern? Was kann ich tun, um sowas zukünftig zu verhindern? Bisher habe ich immer Avira genutzt.

Alt 07.01.2012, 18:14   #10
Larusso
/// Selecta Jahrusso
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Absicherung zum Schluss.


Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
    Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!



Bitte poste in deiner nächsten Antwort
Gmer.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 07.01.2012, 20:20   #11
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



So, im Anhang das Ergebnis

Alt 08.01.2012, 00:37   #12
Larusso
/// Selecta Jahrusso
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Bitte poste in deiner nächsten Antwort
Combofix.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 08.01.2012, 12:13   #13
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Hier das Ergebnis:


Combofix Logfile:Combofix Logfile:
Code:
ATTFilter
ComboFix 12-01-07.03 - Sarah 08.01.2012  11:54:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3061.1406 [GMT 1:00]
ausgeführt von:: c:\users\Sarah\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\AppData\Local\assembly\tmp
c:\windows\system32\muzapp.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-08 bis 2012-01-08  ))))))))))))))))))))))))))))))
.
.
2012-01-08 11:01 . 2012-01-08 11:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-07 17:02 . 2012-01-07 17:02	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA06DD5-99A1-401E-AF5F-38F7DDFDA7C9}\offreg.dll
2012-01-07 16:53 . 2012-01-07 16:53	--------	d-----w-	C:\_OTL
2012-01-06 11:22 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA06DD5-99A1-401E-AF5F-38F7DDFDA7C9}\mpengine.dll
2011-12-31 18:47 . 2011-12-31 18:47	--------	d-----w-	c:\program files\simfy
2011-12-14 18:59 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-14 18:59 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-14 18:59 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 18:59 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 18:59 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 18:59 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 18:59 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-11 12:25 . 2011-12-11 12:25	19416	----a-w-	c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-12-11 12:25 . 2011-12-11 12:25	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-11 12:25 . 2011-12-11 12:25	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-11 12:25 . 2011-12-11 12:25	125912	----a-w-	c:\program files\Mozilla Firefox\crashreporter.exe
2011-12-11 12:25 . 2011-12-11 12:25	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 15:13 . 2011-08-24 19:24	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 12:25 . 2011-12-11 12:25	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-03 10:03 . 2010-10-03 10:03	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32	279944	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-05 860472]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-05 3370296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-03 30192]
"Omnipage"="c:\program files\ScanSoft\TextBridgePro11.0\opware32.exe" [2002-05-14 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-16 220744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-2 6144]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-11 10:27	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18	17920	----a-w-	c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-03 10:03	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 11:00	174872	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-04-19 13:45	74672	----a-w-	c:\program files\Lexmark 1200 Series\LXCZbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 08:58	184320	------w-	c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-11 10:21	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02	36352	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KWDIQPOW
*Deregistered* - kwdiqpow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-10-03 17:27]
.
2012-01-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 20:04]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 13:33]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 13:33]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1373455535-416975833-342867069-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 10:16]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1373455535-416975833-342867069-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 10:16]
.
2012-01-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2012-01-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.westernunion.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\3qib48nw.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.westernunion.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://www.westernunion.de/
FF - user.js: browser.startup.page - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-Broadcom Wireless Manager UI - c:\windows\system32\WLTRAY.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0407.EXE
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-08 12:01
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,97,e1,f6,3e,15,6c,49,8d,cc,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,97,e1,f6,3e,15,6c,49,8d,cc,b4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3328)
c:\program files\ScanSoft\TextBridgePro11.0\ophook32.dll
.
Zeit der Fertigstellung: 2012-01-08  12:03:48
ComboFix-quarantined-files.txt  2012-01-08 11:03
.
Vor Suchlauf: 13 Verzeichnis(se), 62.478.831.616 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 62.094.946.304 Bytes frei
.
- - End Of File - - E6DA77253716B28B15CFF97988FB5258
         
--- --- ---
--- --- ---

Geändert von Larusso (08.01.2012 um 14:27 Uhr)

Alt 08.01.2012, 14:28   #14
Larusso
/// Selecta Jahrusso
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte poste in deiner nächsten Antwort
MBAM Log
log.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 08.01.2012, 17:43   #15
mauzinchen
 
Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Standard

Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(



Hier die Auswertung von MalwareBites

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.08.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAHS-PC [Administrator]

08.01.2012 14:58:39
mbam-log-2012-01-08 (14-58-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175310
Laufzeit: 4 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sarah\Downloads\install_flash_player.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Und Eset

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c885ebada552784d98613d33de941c6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 04:29:35
# local_time=2012-01-08 05:29:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 166763 100928697 165809 0
# compatibility_mode=5892 16776573 100 100 4153 163564861 0 0
# compatibility_mode=8192 67108863 100 0 3756 3756 0 0
# scanned=231831
# found=8
# cleaned=0
# scan_time=8042
C:\Users\Sarah\Downloads\install_flash_player(1).exe	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sarah\Downloads\SoftonicDownloader_fuer_irfanview-plugins.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\01072012_175326\C_Users\Sarah\AppData\Roaming\Microsoft\loadhst.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
F:\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R67AUGXR\files_load2[1].exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
F:\Sarah\AppData\Roaming\Microsoft\loadhst.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
F:\Sarah\Downloads\install_flash_player(1).exe	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I
F:\Sarah\Downloads\install_flash_player.exe	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I
F:\Sarah\Downloads\SoftonicDownloader_fuer_irfanview-plugins.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         

Antwort

Themen zu Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(
abgesicherten, andere, angezeigt, avira, bildschirm, daten, ebenfalls, eingefangen, gefangen, gen, gesperrt, lieber, modus, neuinstallation, neustart, nutze, partition, problem, recovery, recovery cd, systemwiederherstellung, trojaner, vista, warnung, windows vista, wurde ihr, würde, zahlung



Ähnliche Themen: Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(


  1. Trojaner eingefangen: Polizei. Warnung. Zugang zu ihrem Brouser wurde gesperrt.
    Log-Analyse und Auswertung - 31.03.2015 (11)
  2. Achtung! Aus Sicherheitsgründen... 50€ Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (12)
  3. Trojaner: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (19)
  4. Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner
    Log-Analyse und Auswertung - 31.01.2012 (42)
  5. 50€ Trojaner-Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert.
    Log-Analyse und Auswertung - 30.01.2012 (1)
  6. Windows blockiert aus Sicherheitsgründen-Trojaner
    Log-Analyse und Auswertung - 30.01.2012 (30)
  7. trojaner eingefangen: "aus Sicherheitsgründen wurde ihr Windows gesperrt"
    Log-Analyse und Auswertung - 25.01.2012 (15)
  8. Windows blockiert aus Sicherheitsgründen - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.01.2012 (18)
  9. [doppelt] troyaner eingefangen! "aus sicherheitsgründen wurde ihr windows gesperrt"
    Mülltonne - 23.01.2012 (1)
  10. Warnung ! Aus Sicherheitsgründen... 50 Euro
    Log-Analyse und Auswertung - 19.01.2012 (25)
  11. Windows hat aus Sicherheitsgründen ihr System Blockiert trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (8)
  12. Trojaner: Aus sicherheitsgründen wurde ihr windowssystem... Wie entferne ich ihn????
    Log-Analyse und Auswertung - 05.01.2012 (3)
  13. Trojaner. System aus Sicherheitsgründen gesperrt. Paysafe
    Log-Analyse und Auswertung - 03.01.2012 (5)
  14. Windows aus Sicherheitsgründen gesperrt - 50€ Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (25)
  15. Windows 7 machts möglich: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" eingefangen
    Log-Analyse und Auswertung - 23.12.2011 (41)
  16. Virus eingefangen: "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 05.12.2011 (25)
  17. Warnung! Scareware eingefangen: Datei TOKOV.EXE
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (0)

Zum Thema Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( - Liebes Trojaner-Board-Team! Leider habe ich mir den Trojaner eingefangen, der den Bildschirm schwärzt und um die Zahlung von 50€ bittet (Aus Sicherheitsgründen wurde ihr Windows-System gesperrt usw.) Ich bin jetzt - Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-(...
Archiv
Du betrachtest: Warnung! Aus Sicherheitsgründen...Trojaner eingefangen :-( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.