
Pests of all kinds and how to fight them: 50 Euro virus/trojan, need help!!!

12.02.2012, 12:12   #1
Udsch
 

Hello. I've got it now too, the 50 Euro virus. I followed the recommended instructions, and here are the log files.


OTL Extras logfile created on: 12.02.2012 07:51:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Isabell\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 84,46% Memory free
6,06 Gb Paging File | 5,79 Gb Available in Paging File | 95,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 180,58 Gb Free Space | 63,34% Space Free | Partition Type: NTFS
Drive E: | 7,50 Gb Total Space | 7,50 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: ISABELL-PC | User Name: Isabell | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011D4E3C-D4D1-4995-99A4-993B3A791054}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0D1E175D-B513-4C6E-BD6E-C112D424F349}" = rport=138 | protocol=17 | dir=out | app=system |
"{11C915F5-8D53-421C-9F16-024A2843DF7A}" = rport=137 | protocol=17 | dir=out | app=system |
"{36193422-3CA2-4229-B095-4BF895EE7CD0}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A0DF318-FC39-4BCB-883F-DF33DA9C3858}" = lport=139 | protocol=6 | dir=in | app=system |
"{4128429C-50D1-43D5-97BF-BAF2C588B2F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6111C80E-3DE4-4A58-AFEB-CE4E304BE1BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A55CBF5-A6C1-4379-BA64-241B0D309F3B}" = lport=5358 | protocol=6 | dir=in | app=system |
"{7F40E8C0-C8F1-4570-8C9B-2FA3CC38F590}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{8BC0CCCC-AE02-4721-B0C7-15B43B83ABED}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A208DB8C-06F8-4233-AFB1-42103C6EACCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA80DF4E-EEC8-4250-A95D-C3578025F576}" = rport=5357 | protocol=6 | dir=out | app=system |
"{AD9C73A0-A0F8-495F-B462-5DF51EF3BF0A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{D92DD6ED-EC4D-48B4-8389-C00709C77F90}" = rport=139 | protocol=6 | dir=out | app=system |
"{DAEE2BB4-7005-4FB5-AAAF-904AA5C6F1F5}" = rport=445 | protocol=6 | dir=out | app=system |
"{DAF5905F-919C-46D8-9C42-C2F291A515B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC415C5F-50F8-48AF-BF62-53CABA0CAAD1}" = lport=5357 | protocol=6 | dir=in | app=system |
"{F01C7A39-C446-4F34-958E-1509108D61CA}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FEF35A-B01F-4667-B0AD-C864468214D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08ADBBF8-01D0-4642-819A-E4614CB7C28F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0AB54426-0E23-4661-BAB8-ED839144D7B2}" = protocol=17 | dir=in | app=c:\users\isabell\appdata\roaming\dropbox\bin\dropbox.exe |
"{0C0171AC-9F68-4FF7-899B-BAF7639A6868}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{158BF7BB-0D89-4727-9812-B37A67B69F63}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{1D5BC4DA-A8D3-45F1-9487-996710B0548E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{237F50D6-2B82-4D82-BED6-51A21961F59E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{40D7A7D4-319B-4483-9EDA-9BE098882666}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{412CEAB4-CB0C-4376-B977-4474C2EA8F69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BE8E0E0-D279-46FB-BFF3-17D069C4ED7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69AA89F0-561B-4796-B052-0A8B430C7F91}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6E364166-265B-4AD2-8F4F-244CB1306919}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EE7FF55-F5D8-44CB-B59C-F1346C2D5900}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7BF3BBDF-B85A-49A7-B064-CE97D4F709B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A602EB36-43FD-43AA-B577-D38CC0C8BA77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4FE2953-31C6-46CF-845C-F269B31C74C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC9B49AA-097A-475F-87AA-7D16C569C13C}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{D6BBF6B4-2AAA-45D7-A0B8-03AECF6BF002}" = protocol=6 | dir=in | app=c:\users\isabell\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2B64D11E-AA84-4765-BAE2-E17E99557527}C:\program files\rapidsolution\radiotracker 6\radiotracker.exe" = protocol=6 | dir=in | app=c:\program files\rapidsolution\radiotracker 6\radiotracker.exe |
"TCP Query User{3A95326A-424E-4E26-B3EE-9D0982439D0A}C:\users\isabell\desktop\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\isabell\desktop\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"TCP Query User{6CED7005-DE41-43AD-9A2A-D1A621F9378F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{93E529BA-E32D-4919-88CC-6940009955D2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AEF64037-0F11-4836-8D1C-BAC4A1548A07}C:\users\isabell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\isabell\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BB9A4BF4-E313-40D9-8258-66A322CC8053}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{F92A777C-8239-46FF-9646-90478B276A9E}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"TCP Query User{FC0D83F8-53F6-4C1A-96EC-64D505ADECD6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{26A1CD4C-7E32-4CA3-994D-6D3CCF4AF372}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{2A3F717F-0FB5-4C53-AA6A-D8FAB05DE190}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{35B329F7-F78F-4919-B4BF-C549C9139920}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6FBFA923-33DD-4839-A7BB-1B6051B88781}C:\program files\rapidsolution\radiotracker 6\radiotracker.exe" = protocol=17 | dir=in | app=c:\program files\rapidsolution\radiotracker 6\radiotracker.exe |
"UDP Query User{79664224-3D1D-40B0-B777-7527A8DD4011}C:\users\isabell\desktop\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\isabell\desktop\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"UDP Query User{8E91F56D-A552-4C16-842E-2EA511673002}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{A2211D00-CFD0-4B67-A0ED-57C168DB2483}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{F2848AA8-6F40-4F0C-BA26-5386FDE5366C}C:\users\isabell\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\isabell\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F58E241-0649-4ECA-805D-5A7B7943801D}" = Radiotracker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.5 GMX Edition
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D69C742-6F36-4460-A1FE-C40ED26C81D7}" = Carnet d'activités Réalités 2
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"Firefox 3.5 GMX Edition" = Firefox 3.5 GMX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GMX Update" = GMX Update
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Klett Lernsoftware Mathematik - mathe live 7 BA_is1" = Klett Lernsoftware Mathematik - mathe live 7 BA
"Klett Lernsoftware Mathematik - mathe live 8 BA_is1" = Klett Lernsoftware Mathematik - mathe live 8 BA
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works9se" = Microsoft Works 9.0 SE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.02.2011 08:31:23 | Computer Name = Isabell-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2011 13:28:58 | Computer Name = Isabell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.02.2011 13:28:58 | Computer Name = Isabell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2089929

Error - 15.02.2011 13:28:58 | Computer Name = Isabell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2089929

Error - 15.02.2011 13:28:59 | Computer Name = Isabell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.02.2011 13:28:59 | Computer Name = Isabell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2090943

Error - 15.02.2011 13:28:59 | Computer Name = Isabell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2090943

Error - 16.02.2011 02:49:16 | Computer Name = Isabell-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16.02.2011 02:49:16 | Computer Name = Isabell-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16.02.2011 02:50:32 | Computer Name = Isabell-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12.02.2012 02:46:42 | Computer Name = Isabell-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


OTL logfile created on: 12.02.2012 07:51:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Isabell\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 84,46% Memory free
6,06 Gb Paging File | 5,79 Gb Available in Paging File | 95,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 180,58 Gb Free Space | 63,34% Space Free | Partition Type: NTFS
Drive E: | 7,50 Gb Total Space | 7,50 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: ISABELL-PC | User Name: Isabell | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Isabell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI Corporation)
DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=400e5c5a0000000000000017c46bc5dc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 21:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.19 20:34:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Isabell\AppData\Roaming\5064 [2011.12.22 15:11:44 | 000,000,000 | ---D | M]

[2009.04.13 17:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabell\AppData\Roaming\mozilla\Extensions
[2009.04.13 17:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabell\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.29 12:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions
[2012.01.16 11:59:11 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.01.25 20:15:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.01.08 18:00:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.11.05 14:37:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.29 21:18:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions\engine@conduit.com
[2012.01.29 12:40:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\xhl6y2zb.default\extensions\ffxtlbr@babylon.com
[2010.01.07 20:06:05 | 000,005,599 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\xhl6y2zb.default\searchplugins\1und1-suche.xml
[2010.01.07 20:06:03 | 000,001,381 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\xhl6y2zb.default\searchplugins\amazonde.xml
[2010.10.08 12:07:10 | 000,000,873 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\xhl6y2zb.default\searchplugins\conduit.xml
[2010.01.07 20:06:03 | 000,010,613 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\xhl6y2zb.default\searchplugins\gmx-suche.xml
[2009.10.05 16:24:27 | 000,009,941 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\xhl6y2zb.default\searchplugins\mywebsearch.xml
[2010.01.07 20:06:03 | 000,005,596 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\xhl6y2zb.default\searchplugins\webde-suche.xml
[2011.12.04 18:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.07 20:02:21 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.07 20:02:20 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2011.12.22 15:11:44 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ISABELL\APPDATA\ROAMING\5064
[2012.02.02 21:53:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.25 20:38:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 12:25:38 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.01.25 20:38:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.25 20:38:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.25 20:38:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.25 20:38:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.25 20:38:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [GMX Update] C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Isabell\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7877C03-9D96-4DEB-9CBA-81978FE6525B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6DBED35-0E74-460A-BAAE-ADB0270740A8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Isabell\Pictures\Unbenannt.jpg
O24 - Desktop BackupWallPaper: C:\Users\Isabell\Pictures\Unbenannt.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{66411f6c-39d1-11df-a5d1-00238b7164f1}\Shell\AutoRun\command - "" = Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.12 12:38:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe
[2012.02.10 08:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.10 08:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.02.10 08:05:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.31 15:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.31 15:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.29 12:26:02 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\eType
[2012.01.29 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\Babylon
[2012.01.29 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Babylon
[2012.01.29 12:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.01.29 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\TempDIR
[2012.01.24 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\Isabell\Desktop\Kommunikation und Medien
[1 C:\Users\Isabell\AppData\Roaming\*.tmp files -> C:\Users\Isabell\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.12 12:38:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe
[2012.02.12 12:24:11 | 000,001,356 | ---- | M] () -- C:\Users\Isabell\AppData\Local\d3d9caps.dat
[2012.02.12 11:10:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.12 10:15:41 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.12 10:15:41 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.12 10:15:41 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.12 10:15:41 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.12 07:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 07:43:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.02.12 07:43:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 07:43:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 07:43:29 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 07:31:02 | 000,315,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.11 11:23:58 | 000,010,846 | ---- | M] () -- C:\Users\Isabell\Desktop\kündigung.odt
[2012.02.09 17:48:55 | 000,014,156 | ---- | M] () -- C:\Users\Isabell\Documents\Menü.odt
[2012.02.08 13:40:26 | 000,538,245 | ---- | M] () -- C:\Users\Isabell\Desktop\20110122_0258.1.jpg
[2012.02.08 13:40:09 | 000,005,710 | ---- | M] () -- C:\Users\Isabell\Desktop\20110122_0257.1.jpg
[2012.02.05 15:42:21 | 000,020,067 | ---- | M] () -- C:\Users\Isabell\Documents\deutsch.odt
[2012.02.04 18:56:17 | 000,000,250 | ---- | M] () -- C:\Windows\wininit.ini
[2012.02.04 18:56:11 | 000,000,907 | ---- | M] () -- C:\Users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.31 15:44:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.29 12:25:47 | 000,000,243 | ---- | M] () -- C:\user.js
[2012.01.28 15:04:11 | 000,011,608 | ---- | M] () -- C:\Users\Isabell\Documents\Unbenannt 1e4t4r5zt43r43.odt
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.16 12:15:37 | 000,005,660 | ---- | M] () -- C:\Users\Isabell\Documents\chatroulette_drawing_70211.png
[2012.01.13 19:03:03 | 000,003,112 | ---- | M] () -- C:\Users\Isabell\Documents\Neue Datenbank.odb
[1 C:\Users\Isabell\AppData\Roaming\*.tmp files -> C:\Users\Isabell\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.11 11:23:56 | 000,010,846 | ---- | C] () -- C:\Users\Isabell\Desktop\kündigung.odt
[2012.02.09 17:24:56 | 000,014,156 | ---- | C] () -- C:\Users\Isabell\Documents\Menü.odt
[2012.02.08 13:40:25 | 000,538,245 | ---- | C] () -- C:\Users\Isabell\Desktop\20110122_0258.1.jpg
[2012.02.08 13:40:08 | 000,005,710 | ---- | C] () -- C:\Users\Isabell\Desktop\20110122_0257.1.jpg
[2012.02.02 16:26:04 | 000,020,067 | ---- | C] () -- C:\Users\Isabell\Documents\deutsch.odt
[2012.01.31 15:44:55 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.29 12:25:46 | 000,000,243 | ---- | C] () -- C:\user.js
[2012.01.28 15:04:09 | 000,011,608 | ---- | C] () -- C:\Users\Isabell\Documents\Unbenannt 1e4t4r5zt43r43.odt
[2012.01.16 12:15:34 | 000,005,660 | ---- | C] () -- C:\Users\Isabell\Documents\chatroulette_drawing_70211.png
[2012.01.13 18:47:30 | 000,003,112 | ---- | C] () -- C:\Users\Isabell\Documents\Neue Datenbank.odb
[2011.12.15 21:40:10 | 000,000,038 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\urhtps.dat
[2011.12.15 14:48:17 | 000,000,036 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\blckdom.res
[2011.12.08 07:43:06 | 000,000,250 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.07 12:37:26 | 000,001,356 | ---- | C] () -- C:\Users\Isabell\AppData\Local\d3d9caps.dat
[2010.03.28 08:24:25 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.03.28 08:09:00 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.01.14 16:26:39 | 000,024,064 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\UserTile.png
[2010.01.14 16:20:13 | 000,103,772 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.30 21:03:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.04.11 08:17:52 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.04.11 08:17:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.04.11 08:17:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.04.11 08:17:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.04.11 08:17:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.04.11 08:17:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.04.11 08:17:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.04.11 08:17:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.04.11 08:17:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.04.11 08:17:52 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.04.11 08:17:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.04.11 08:17:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.04.11 08:17:52 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.04.11 08:17:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.04.11 08:17:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.04.11 08:17:52 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.04.11 08:17:52 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.04.11 08:17:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.04.11 08:17:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.04.11 08:15:59 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2009.04.09 21:07:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.04.07 20:34:31 | 000,000,000 | ---- | C] () -- C:\Users\Isabell\AppData\Roaming\wklnhst.dat
[2009.04.06 19:57:51 | 000,038,912 | ---- | C] () -- C:\Users\Isabell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.06 16:31:01 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.06 16:30:51 | 000,008,172 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009.02.26 16:02:25 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.09 01:05:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.09 01:05:17 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.01.09 01:05:13 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.01.09 01:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009.01.09 01:05:12 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.01.09 01:05:11 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.01.08 17:43:05 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.08 16:45:18 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.08 16:45:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,315,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.12.05 15:06:18 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\.minecraft
[2011.12.15 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\5059
[2011.12.16 18:46:23 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\5060
[2011.12.19 14:13:55 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\5061
[2011.12.20 16:05:45 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\5062
[2011.12.21 11:30:47 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\5063
[2011.12.22 15:11:44 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\5064
[2012.01.29 12:25:33 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Babylon
[2010.06.09 06:24:49 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Chilirec
[2012.02.12 07:44:16 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Dropbox
[2011.11.05 17:22:30 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\DVDVideoSoft
[2011.11.05 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.28 13:21:14 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\EPSON
[2012.02.12 12:18:41 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\eType
[2009.09.24 17:01:42 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\InterTrust
[2011.09.25 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Klett
[2011.12.15 14:48:09 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\kock
[2010.02.09 17:29:08 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\OpenOffice.org
[2009.04.09 19:35:03 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Packard Bell
[2011.12.03 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Teeworlds
[2012.01.09 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Template
[2010.02.04 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Tipp4u
[2009.04.13 17:38:03 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\TomTom
[2011.12.26 11:23:29 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\UAs
[2011.12.29 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\xmldm
[2012.02.12 07:37:26 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thanks, Udsch

12.02.2012, 13:52   #2
Swisstreasure
/// Malwareteam

A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If problems occur, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. Attachments make the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".
__________________


12.02.2012, 17:46   #3
Udsch

Hello, and first of all many thanks for the help. Tomorrow, with the help of a friend, I will start the rescue attempt you suggested. I will then report back on whether it worked. Until then, many thanks again.
Regards, Udsch
__________________
