
Pests of all kinds and how to combat them: Antivirus programs hang, Incredibar was displayed

04.05.2013, 18:14   #1
DJ5

Antivirus programs hang, Incredibar was displayed



Hello,

my antivirus always hangs (at about 4%), and always at the same file: c:\users\dörte\appdata\local\microsoft\windows\temporary Internet files\...\utm[3].gif. Then I tried to run a scan with Malwarebytes. But I aborted it after 7 hours, because apparently the same files keep being scanned over and over again. I am posting the log up to that point below. A few days ago Spybot reported Incredibar. I am posting that log as well.

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Dörte :: SAMSI [Administrator]

04.05.2013 11:23:44
mbam-log-2013-05-04 (11-23-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 583072
Laufzeit: 7 Stunde(n), 51 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1184 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.

(Ende)
         
Spybot:
Code:
Search results from Spybot - Search & Destroy

01.05.2013 21:46:02
Scan took 00:27:55.
139 items found.

IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject

IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

IncrediBar: [SBI $4A0F744C] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

IncrediBar: [SBI $4A0F744C] Browser helper object (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

IncrediBar: [SBI $4A0F744C] Class ID (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

IncrediBar: [SBI $4A0F744C] Browser helper object (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject

IncrediBar: [SBI $418BC215]  Library (File, nothing done)
  C:\Program Files\Web Assistant\Extension32.dll
  Properties.size=170840
  Properties.md5=EED3815E5FD1F81C4CACF9E1A90BE9A7
  Properties.filedate=1353420540
  Properties.filedatetext=2012-11-20 16:09:00

Log: [SBI $8E73A7FB]  Install: Directx.log (File, nothing done)
  C:\Windows\Directx.log
  Properties.size=29401
  Properties.md5=4385B2FBFDFB357D9B9E49B70C321FA4
  Properties.filedate=1294479101
  Properties.filedatetext=2011-01-08 11:31:41

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=158166
  Properties.md5=353C253EEEA411971FF928D8D4024CDF
  Properties.filedate=1367433237
  Properties.filedatetext=2013-05-01 20:33:56

Log: [SBI $8E73A7FB]  Install: DtcInstall.log (File, nothing done)
  C:\Windows\DtcInstall.log
  Properties.size=3549
  Properties.md5=5433445639697F48A82BFBCC343734CA
  Properties.filedate=1294374908
  Properties.filedatetext=2011-01-07 06:35:07

7-Zip: [SBI $B0066D4E] Compressed archives history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\Compression\ArcHistory

7-Zip: [SBI $0D2606FE] Extracted archives history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\Extraction\PathHistory

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\FM\FolderHistory

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\FM\PanelPath0

Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (70) (Browser: Cache, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-05-01 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
         
So at least OTL worked:
Code:
ATTFilter
OTL Extras logfile created on: 5/4/2013 6:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dörte\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.54% Memory free
5.93 Gb Paging File | 4.05 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.37 Gb Total Space | 24.42 Gb Free Space | 9.68% Space Free | Partition Type: NTFS
Drive D: | 198.29 Gb Total Space | 100.08 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
 
Computer Name: SAMSI | User Name: Dörte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01194C1D-292E-46F9-BAB6-E0A35DEB3751}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{028F8307-31C0-4E5B-A806-E2C2338A7C6B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1710171A-6647-4D88-926D-0B779F943962}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1991CB25-24E9-4073-8AEC-CA144F953DCC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A76A187-0697-4569-9942-586AB4859517}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25C22034-280E-485F-ADAA-BFFB0F208595}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3542FEFD-A9B6-4D1E-B72A-6561E5D3D9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{550ACDBE-76AC-4605-A107-D867DF3771E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59168365-5F22-4AC1-A394-01DC8A80496A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{5DFD2BF3-7B29-4BF3-904B-C183BCF38FBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61D2F1F1-AF79-4E6B-9B6F-CC6242768A3B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A4EEF89-E1C1-430B-A4DC-F1C58476920D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B2DF7E61-63B6-4795-94DF-FB2B6626980F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D66F0F4F-6C5B-4389-9B1A-9D8C27BAF9E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E33B5616-454E-40DF-8078-BD366719E5DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E8FE4C-57CA-4C1F-8D9F-B6F300E3C70F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{12D73CF3-8AF9-44B1-9B21-419948D8E438}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{141BC40F-9E33-42D4-B84D-6343CAADD4BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1D916C1B-2732-4C1A-9205-51E89BC9FFDE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EE92CE8-1640-474B-BBED-8ADBD2463BB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{24AA9404-17B8-4E6D-82A8-07F0479B2005}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{29EB38E5-6CB4-4C9C-AD9D-0DE53355403D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A4561A4-34CC-40AB-8AEA-F141933F9E3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F965A48-43A5-4858-814F-F121E6552444}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{341704E6-BDC6-4251-9C06-D9DB98FDDFB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4DB125B5-3FB6-4222-AB4C-C5FA6D75560E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FCDA1DE-4CB7-4661-8C29-B2C16377598F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{4FFC7C22-3D7C-4464-84CD-D6066FB6767A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{77B17CE6-2F95-417C-9C32-2F0EF9116530}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9C94BCB3-724D-4018-A0F1-5A4E5B884630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A63146B7-C2BB-4E23-8D62-A5C0B047F338}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0F2EA4D-134B-49D9-8EC5-FAF983A74106}" = protocol=6 | dir=out | app=system | 
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D2CD92F2-8FA6-4CF8-A6C4-3A60941BB1D2}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{EAB5CDA9-455F-4155-A4A0-C07E5CF05087}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F36D7888-15D9-4B44-927D-F33CE5672FD7}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{F57F4C97-9995-4D31-A048-1D8FEA420475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{AF799A05-2A41-4C4B-B7B4-1064A41895E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{FABAF02A-8220-4C8C-AADF-0500DC481311}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.550
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.1.0
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10.305
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"GIMP-2_is1" = GIMP 2.8.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mein Königreich für die Prinzessin" = Mein Königreich für die Prinzessin
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Retter in der Not" = Retter in der Not
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.3.0.9
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/3/2013 10:52:20 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
 Zeitstempel: 0x512347f7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x13ce2074  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 0dc284cc-b401-11e2-b59e-00245423bff1
 
Error - 5/3/2013 10:52:41 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
 Zeitstempel: 0x512347f7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x13cb301a  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 1a954cce-b401-11e2-b59e-00245423bff1
 
Error - 5/3/2013 10:52:46 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
 Zeitstempel: 0x512347f7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x13cc9fa7  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 1d1fa1a2-b401-11e2-b59e-00245423bff1
 
Error - 5/3/2013 10:52:47 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
 Zeitstempel: 0x512347f7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x13cca671  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 1e2c2fbb-b401-11e2-b59e-00245423bff1
 
Error - 5/3/2013 10:52:50 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
 Zeitstempel: 0x512347f7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x13d070e2  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 1fd7bd0e-b401-11e2-b59e-00245423bff1
 
Error - 5/3/2013 11:17:20 AM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16537 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1bc8    Startzeit: 01ce480f9010cab4    Endzeit: 250    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 5/3/2013 11:40:33 AM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1488    Startzeit:
 01ce4809ead15fa7    Endzeit: 60000    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID:
 9ffff7e7-b407-11e2-b59e-00245423bff1  
 
Error - 5/3/2013 12:03:24 PM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13ac    Startzeit:
 01ce4815c63a06dd    Endzeit: 60000    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID:
 d15d1e87-b40a-11e2-a4cd-00245423bff1  
 
Error - 5/4/2013 8:08:07 AM | Computer Name = Samsi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/04 14:08:07.632]: [00003536]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[192.168.178.20]  
 
Error - 5/4/2013 10:21:21 AM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16cc    Startzeit:
 01ce48a188d88e36    Endzeit: 60000    Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID:
 ba04bc23-b4c5-11e2-b9ea-00245423bff1  
 
[ Media Center Events ]
Error - 12/2/2009 5:20:20 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 6:20:15 PM - Error connecting to the internet.  6:20:15 PM -     Unable
 to contact server..  
 
Error - 12/2/2009 6:22:12 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 7:22:11 PM - Error connecting to the internet.  7:22:12 PM -     Unable
 to contact server..  
 
Error - 12/2/2009 6:22:22 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 7:22:17 PM - Error connecting to the internet.  7:22:17 PM -     Unable
 to contact server..  
 
Error - 12/3/2009 3:52:35 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 4:52:35 PM - Error connecting to the internet.  4:52:35 PM -     Unable
 to contact server..  
 
Error - 12/3/2009 3:52:45 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 4:52:40 PM - Error connecting to the internet.  4:52:40 PM -     Unable
 to contact server..  
 
Error - 12/3/2009 7:44:47 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:44:47 PM - Error connecting to the internet.  8:44:47 PM -     Unable
 to contact server..  
 
Error - 12/3/2009 7:44:57 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:44:52 PM - Error connecting to the internet.  8:44:52 PM -     Unable
 to contact server..  
 
Error - 12/17/2009 7:32:56 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:32:55 PM - Error connecting to the internet.  8:32:55 PM -     Unable
 to contact server..  
 
Error - 12/17/2009 7:33:05 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:33:01 PM - Error connecting to the internet.  8:33:01 PM -     Unable
 to contact server..  
 
Error - 1/6/2011 8:28:26 PM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 9:28:23 AM - Fehler beim Herstellen der Internetverbindung.  9:28:23
 AM -     Serververbindung konnte nicht hergestellt werden..  
 
[ Spybot - Search and Destroy Events ]
Error - 5/1/2013 3:46:47 PM | Computer Name = Samsi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 5/1/2013 4:58:49 PM | Computer Name = Samsi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 5/2/2013 11:20:52 AM | Computer Name = Samsi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 5/1/2013 3:29:02 PM | Computer Name = Samsi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 5/1/2013 3:29:02 PM | Computer Name = Samsi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 5/1/2013 4:27:07 PM | Computer Name = Samsi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 5/1/2013 4:27:09 PM | Computer Name = Samsi | Source = DCOM | ID = 10005
Description = 
 
Error - 5/1/2013 4:27:09 PM | Computer Name = Samsi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 5/1/2013 5:03:07 PM | Computer Name = Samsi | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 5/2/2013 10:37:41 AM | Computer Name = Samsi | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 5/3/2013 11:54:02 AM | Computer Name = Samsi | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 5/4/2013 11:08:52 AM | Computer Name = Samsi | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 5/4/2013 11:08:52 AM | Computer Name = Samsi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
 
< End of report >
         
Code:
OTL logfile created on: 5/4/2013 6:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dörte\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.54% Memory free
5.93 Gb Paging File | 4.05 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.37 Gb Total Space | 24.42 Gb Free Space | 9.68% Space Free | Partition Type: NTFS
Drive D: | 198.29 Gb Total Space | 100.08 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
 
Computer Name: SAMSI | User Name: Dörte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dörte\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\Programme\Join Air\UIExec.exe ()
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\srvany.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\Join Air\UIExec.exe ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IB Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vtxv) -- C:\Windows\System32\drivers\ehqaprvk.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?t=0
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/12/05 16:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/12/29 19:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dörte\AppData\Roaming\mozilla\Extensions
[2013/01/11 18:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dörte\AppData\Roaming\mozilla\Firefox\Profiles\lbyul6ij.default\extensions
[2013/01/11 18:56:57 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Dörte\AppData\Roaming\mozilla\firefox\profiles\lbyul6ij.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/04 17:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\DöRTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LBYUL6IJ.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2011/11/23 22:32:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/23 22:32:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/23 22:32:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:32:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/23 22:32:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/23 22:32:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/23 22:32:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} hxxp://remote.virtech.nl:81/goglobal/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E546E9A-A665-4AB0-9826-F061E48BF8E2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60497fad-2eb3-11e0-83aa-00245423bff1}\Shell - "" = AutoRun
O33 - MountPoints2\{60497fad-2eb3-11e0-83aa-00245423bff1}\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/04 18:40:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dörte\Desktop\OTL.exe
[2013/05/04 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Dörte\AppData\Roaming\Malwarebytes
[2013/05/04 11:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/04 11:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/04 11:17:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/05/04 11:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/01 23:03:46 | 000,000,000 | ---D | C] -- C:\Users\Dörte\Documents\ProcAlyzer Dumps
[2013/05/01 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/01 21:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/01 21:15:08 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
[2013/05/01 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/01 21:14:25 | 000,000,000 | ---D | C] -- C:\Users\Dörte\AppData\Local\Programs
[2013/04/29 21:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/04 18:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dörte\Desktop\OTL.exe
[2013/05/04 18:37:12 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\ehqaprvk.sys
[2013/05/04 18:17:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/04 10:28:24 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 10:28:24 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 10:19:55 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 10:19:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/04 10:19:36 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/02 21:06:15 | 006,533,375 | ---- | M] () -- C:\Users\Dörte\Desktop\BRO07_13_Diva_Mittelmeer_15_17.pdf
[2013/04/30 18:48:44 | 000,711,706 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/04/30 18:48:44 | 000,663,286 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/04/30 18:48:44 | 000,154,102 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/04/30 18:48:44 | 000,124,480 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/04/10 16:51:35 | 000,414,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/05/04 18:37:12 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\ehqaprvk.sys
[2013/05/02 21:06:14 | 006,533,375 | ---- | C] () -- C:\Users\Dörte\Desktop\BRO07_13_Diva_Mittelmeer_15_17.pdf
[2013/05/01 21:15:14 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/09/11 17:35:04 | 000,183,040 | ---- | C] () -- C:\windows\PI.EXE
[2011/11/14 18:45:38 | 000,026,624 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2011/11/14 18:45:37 | 000,283,136 | ---- | C] () -- C:\windows\System32\DscPnt.dll
[2011/11/14 18:45:37 | 000,259,888 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/11/14 18:45:37 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe
[2011/06/23 00:05:55 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe
[2011/06/23 00:05:55 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe
[2011/03/26 00:50:01 | 000,005,120 | ---- | C] () -- C:\Users\Dörte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 14:47:01 | 000,013,540 | ---- | C] () -- C:\Users\Dörte\AppData\Local\slot1.mm1
[2011/01/08 11:17:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/01 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\AlawarEntertainment
[2011/05/25 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\aliasworlds
[2012/04/10 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Ashampoo
[2011/05/26 14:24:57 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\BlamGames
[2012/10/24 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Boolat Games
[2013/01/14 21:58:35 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Boomzap
[2013/01/04 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\casualArts
[2011/11/21 21:00:48 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\cerasus.media
[2012/01/03 21:51:07 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\CupcakeCafe
[2011/08/15 17:51:08 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\DVDVideoSoft
[2011/08/15 17:51:00 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/07/29 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\ERS G-Studio
[2011/09/23 10:53:14 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Farm Mania 2.1
[2011/10/07 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Friday's games
[2012/05/06 13:30:38 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\iWin
[2011/12/31 15:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Jane s Hotel
[2011/03/02 12:58:44 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2011/11/18 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Oberon Games
[2012/04/11 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Peace Craft
[2011/12/21 23:46:41 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\PetShowCraze
[2012/05/12 14:14:22 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\PlayFirst
[2011/09/20 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\playmink
[2013/01/26 11:24:22 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\UseNeXT
[2011/03/20 15:40:29 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:7B2BB690
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D2397415
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1709732A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:969C0C96
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:538B96B5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:1A4BF204

< End of report >
         

I hope you can help me. I am a complete layperson and have no idea what exactly is going on.

Best regards and many thanks

Last edited by DJ5 (04.05.2013 at 19:11)

06.05.2013, 10:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
Office crack!

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find evidence of illegally obtained software, we will end support without any discussion.

Cracks/keygens are, 99.9% of the time, dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

07.05.2013, 17:06   #3
DJ5
 

Hello,

I have absolutely no idea what a crack even is. I got the laptop like this from a friend. How do I get rid of it??? I really don't want to have anything to do with illegal things!!! Of course I can understand if you no longer want to help me now, but I know nothing at all about computers, and that is why I asked for help. I know nothing whatsoever about all the technical stuff (cracks, keygens)!

07.05.2013, 20:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

It says so there, loud and clear => reinstall Windows
We do not clean crack-infested machines
Questions about the reinstallation and about backing up data beforehand will still be answered
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
