Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei/Ukash/Ihr Computer wurde gesperrt (https://www.trojaner-board.de/122250-bundespolizei-ukash-computer-wurde-gesperrt.html)

Lacrimosa 16.08.2012 14:27
Bundespolizei/Ukash/Ihr Computer wurde gesperrt
 
Hallöchen =)

Mein Netbook hat sich nun auch einen Trojaner eingefangen und zwar diesen hübschen hier: http://www.trojaner-board.de/116052-...-gesperrt.html

Habe mein Netbook im abgesicherten Modus (natürlich ohne Internetverbindung) gestartet und habe einen OTL-Scan gemacht. Hier das Ergebnis:OTL Logfile:
Code:
OTL logfile created on: 16.08.2012 15:16:15 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\Elena\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,91% Memory free
3,98 Gb Paging File | 3,62 Gb Available in Paging File | 90,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 65,74 Gb Free Space | 65,74% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 93,42 Gb Free Space | 79,26% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: ELENA-PC | User Name: Elena | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Elena\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (injectDLL) -- C:\Users\Elena\Desktop\angelbot neu\M2Fish 3.0.8\Injector 32 bit\injectDLL.sys File not found
DRV - (EagleNT) -- C:\windows\system32\drivers\EagleNT.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.icq.com/hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.studivz.net/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.10 23:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.04.30 16:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 10:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 11:56:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 10:58:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 11:56:44 | 000,000,000 | ---D | M]
 
[2010.12.20 23:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Extensions
[2012.08.03 23:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\spgkiqy1.default\extensions
[2012.07.25 18:56:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\spgkiqy1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.15 15:07:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\spgkiqy1.default\extensions\ich@maltegoetz.de
[2011.03.13 20:12:31 | 000,002,059 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\daemon-search.xml
[2012.08.06 11:31:10 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-1.xml
[2012.05.16 20:20:06 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-10.xml
[2012.06.08 09:33:45 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-11.xml
[2012.06.16 23:49:14 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-12.xml
[2012.07.18 10:58:42 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-13.xml
[2011.08.21 11:48:46 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-2.xml
[2011.09.16 19:37:42 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-3.xml
[2011.10.12 15:55:26 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-4.xml
[2011.11.26 22:46:41 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-5.xml
[2012.01.19 19:54:45 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-6.xml
[2012.02.12 00:19:52 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-7.xml
[2012.02.17 21:47:12 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-8.xml
[2012.04.03 02:09:36 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\icqplugin.xml
[2011.04.13 21:45:22 | 000,003,915 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\SweetIM Search.xml
[2012.06.11 20:24:52 | 000,003,915 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\spgkiqy1.default\searchplugins\sweetim.xml
[2012.06.08 09:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.06.11 20:24:50 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\ELENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SPGKIQY1.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.07.18 10:58:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.02.12 00:19:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 00:19:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 00:19:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 00:19:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 00:19:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002..\Run: [sjccyvwzhliyasd] C:\ProgramData\sjccyvwz.exe (Adtron)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84037F54-53A0-4069-A828-7E326FF01055}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{408ada5b-92d0-11e1-b2e4-20cf307c3df6}\Shell - "" = AutoRun
O33 - MountPoints2\{408ada5b-92d0-11e1-b2e4-20cf307c3df6}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{408adae5-92d0-11e1-b2e4-20cf307c3df6}\Shell - "" = AutoRun
O33 - MountPoints2\{408adae5-92d0-11e1-b2e4-20cf307c3df6}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{88b8f0ac-54a7-11e0-885e-20cf307c3df6}\Shell - "" = AutoRun
O33 - MountPoints2\{88b8f0ac-54a7-11e0-885e-20cf307c3df6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.02 02:20:38 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.08.16 15:07:37 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2012.08.14 02:16:50 | 000,087,552 | ---- | C] (Adtron) -- C:\ProgramData\sjccyvwz.exe
[2012.08.14 02:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\pwmeqqethydzpce
[2012.08.14 02:16:44 | 000,087,552 | ---- | C] (Adtron) -- C:\Users\Elena\0.25650089651604313.exe
[2012.08.03 21:52:40 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Canon
[2012.08.03 21:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
[2012.08.03 21:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.08.03 21:48:19 | 000,000,000 | ---D | C] -- C:\Disk4
[2012.08.03 21:48:19 | 000,000,000 | ---D | C] -- C:\Disk3
[2012.08.03 21:48:19 | 000,000,000 | ---D | C] -- C:\Disk2
[2012.08.03 21:48:19 | 000,000,000 | ---D | C] -- C:\Disk1
[2012.08.03 21:23:12 | 000,389,180 | ---- | C] (Canon) -- C:\windows\System32\UCS32P.DLL
[2012.08.03 21:23:12 | 000,339,968 | ---- | C] (CANON INC.) -- C:\windows\System32\N067UFW.DLL
[2012.08.03 21:23:12 | 000,036,864 | ---- | C] (CANON INC.) -- C:\windows\System32\CNQU70.DLL
[2012.08.03 21:23:12 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2012.07.21 12:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.21 12:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.21 10:49:09 | 000,000,000 | R--D | C] -- C:\Users\Elena\Desktop\Schweinchen
[2012.07.21 10:37:04 | 000,000,000 | R--D | C] -- C:\Users\Elena\Desktop\Kram
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.16 15:05:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.08.16 15:05:11 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 14:47:28 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 14:47:28 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 14:46:33 | 000,663,842 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.08.16 14:46:33 | 000,624,292 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.08.16 14:46:33 | 000,135,078 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.08.16 14:46:33 | 000,110,276 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.08.14 10:44:44 | 000,302,592 | ---- | M] () -- C:\Users\Elena\Desktop\l862ynlh.exe
[2012.08.14 10:42:48 | 000,050,477 | ---- | M] () -- C:\Users\Elena\Desktop\Defogger.exe
[2012.08.14 10:26:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2012.08.14 10:19:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.08.14 02:16:50 | 000,000,051 | ---- | M] () -- C:\ProgramData\masbzrcgxlqympi
[2012.08.14 02:16:45 | 000,087,552 | ---- | M] (Adtron) -- C:\ProgramData\sjccyvwz.exe
[2012.08.14 02:16:45 | 000,087,552 | ---- | M] (Adtron) -- C:\Users\Elena\0.25650089651604313.exe
[2012.08.09 19:18:47 | 000,015,619 | ---- | M] () -- C:\Users\Elena\Desktop\432147_457912780908840_448738635_n.jpg
[2012.08.09 19:18:27 | 000,074,500 | ---- | M] () -- C:\Users\Elena\Desktop\557508_10151142013267628_1783316133_n.jpg
[2012.08.08 21:42:20 | 000,061,926 | ---- | M] () -- C:\Users\Elena\Desktop\292373_391376827583628_2135448850_n.jpg
[2012.08.06 00:58:18 | 000,045,019 | ---- | M] () -- C:\Users\Elena\Desktop\315056_10150303505562654_745888765_n.jpg
[2012.08.05 21:12:44 | 000,017,586 | ---- | M] () -- C:\Users\Elena\Desktop\577394_307266689349421_473328407_n.jpg
[2012.08.03 11:19:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.08.03 11:19:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.07.21 12:03:56 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2030.01.02 02:20:39 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012.08.16 15:07:37 | 000,302,592 | ---- | C] () -- C:\Users\Elena\Desktop\l862ynlh.exe
[2012.08.16 15:07:37 | 000,050,477 | ---- | C] () -- C:\Users\Elena\Desktop\Defogger.exe
[2012.08.14 02:16:46 | 000,000,051 | ---- | C] () -- C:\ProgramData\masbzrcgxlqympi
[2012.08.09 19:18:47 | 000,015,619 | ---- | C] () -- C:\Users\Elena\Desktop\432147_457912780908840_448738635_n.jpg
[2012.08.09 19:18:27 | 000,074,500 | ---- | C] () -- C:\Users\Elena\Desktop\557508_10151142013267628_1783316133_n.jpg
[2012.08.08 21:42:20 | 000,061,926 | ---- | C] () -- C:\Users\Elena\Desktop\292373_391376827583628_2135448850_n.jpg
[2012.08.06 00:58:18 | 000,045,019 | ---- | C] () -- C:\Users\Elena\Desktop\315056_10150303505562654_745888765_n.jpg
[2012.08.05 21:12:44 | 000,017,586 | ---- | C] () -- C:\Users\Elena\Desktop\577394_307266689349421_473328407_n.jpg
[2012.07.21 12:03:56 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.15 06:39:42 | 000,042,392 | ---- | C] () -- C:\windows\System32\xfcodec.dll
[2010.12.22 10:48:29 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010.12.20 23:35:11 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010.12.20 23:34:00 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.12.20 23:22:17 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010.12.20 23:22:17 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.12.20 23:21:32 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.12.20 23:21:32 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.09.16 02:28:20 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010.09.16 02:21:47 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.09.16 02:21:47 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.09.16 02:18:52 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.09.16 02:17:06 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.09.16 02:16:17 | 000,000,574 | ---- | C] () -- C:\windows\Reboot.ini
[2010.09.16 02:09:58 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

< End of report >
--- --- ---


Was muss ich jetzt tun?
Bitte beachtet bei den Antworten, dass ich absolut keine Ahnung von sowas habe :D

LG, Lacrimosa

Achso, oben das war OTL.Txt und hier Extras.Txt :OTL EXTRAS Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 16.08.2012 15:16:15 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\Elena\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,91% Memory free
3,98 Gb Paging File | 3,62 Gb Available in Paging File | 90,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 65,74 Gb Free Space | 65,74% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 93,42 Gb Free Space | 79,26% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: ELENA-PC | User Name: Elena | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03449654-20EA-46D1-82E4-AEF607FF3DCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06803A08-C289-42D3-AC51-866B36547E8C}" = rport=138 | protocol=17 | dir=out | app=system |
"{32D0C69C-6879-468C-802C-B29987E832F5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{368CC794-C576-4B1C-B0C5-6ED274F63B3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39A67CA5-442A-4F4E-B897-CA6109A63597}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A5CBECE-97BC-4247-9E5D-27A1C0F58B1B}" = lport=137 | protocol=17 | dir=in | app=system |
"{4F42C188-E0C0-4197-8F71-D560C3FCAF4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5199829E-EF76-4102-A9BD-3BBF9814ABDE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5745EA55-4788-4DCF-9017-C140790C0635}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AF56509-91E6-4B86-9C30-A3A88F4A743E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7342FEC8-07B3-4618-802D-39645A2A07CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{823A5785-A4A8-440C-8C69-20E4A205F972}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{876BFD5C-25E4-40C0-9232-AFC82F8684E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9ECCD798-6E5C-4F07-8564-EF7D3500328F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FC558F5-A337-4876-8806-1BE29ACE937D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3399768-3783-481A-ACBB-A1992AB73EF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE7FF521-2AC9-43C8-ADA1-C52BE0590046}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1E635CA-0164-4D5E-93B6-85FA9B15745D}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8F1FF82-3760-4E25-B96E-3D8AA53AF490}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CA8B90FD-FEBC-49BC-BB1D-64AE391339E8}" = rport=139 | protocol=6 | dir=out | app=system |
"{E28D86C2-6131-4059-8D54-AC06D998164C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4779315-6909-4E4D-8139-C147BDE06A60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFF43FF6-442B-426A-92A1-545BAD8E115B}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7DADCD7-88FF-4B2D-98E8-3ED6CF7403B6}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{F9FA4F50-07D6-4CCF-89E5-175C35E127E2}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E7635A-F619-490B-B3E7-DD6D028AEE7A}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{192AC5B6-EF34-4C9B-9986-9621826785C7}" = protocol=6 | dir=in | app=c:\program files\ptc\productview express\i486_nt\obj\productview.exe |
"{1B968E90-91A4-4B32-B7AE-42DC8916396C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{2163C05F-66D2-40DF-A958-8B967E984B12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2C524652-BF92-448B-9770-712CB63BBBBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DBFFB59-4D5F-4854-B7AD-194D4C244DB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{357ADC9B-1504-42F0-872C-309AB6A194E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42540635-AAF2-441C-8653-962A3CB4D4BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48375AD3-7F80-46A2-9F02-CDBBF8A99E5D}" = protocol=6 | dir=in | app=c:\users\elena\downloads\sweetimsetup.exe |
"{4DD5B8C2-5CDC-4832-9270-602811B19D85}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{4F77AB53-DEEB-4BA6-9420-BD7ABB4C41A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6336ED9C-0D1F-459B-8617-4AEDAD0F330B}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{69CB9F1B-A802-4563-B4E9-FA5FF392F837}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{734799C7-D489-4F96-9689-86C9447E6AFB}" = protocol=17 | dir=in | app=c:\program files\ptc\productview express\i486_nt\obj\productview.exe |
"{7D075CC7-89F7-4548-AA0E-0164F8FE1C85}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{7FEF3270-E859-4A0C-90F8-B53C49198422}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A7AD3A8-9C68-41B0-921B-2425D89FCD12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A094E590-B832-4263-AB5C-A40A8DEF4DD7}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A1FEA864-5215-4B4E-859B-F7ADB8879D3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ADCAD6EF-C22E-4E38-8DE1-5641A67D91C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCF5AF1C-3DA6-4434-B154-1080008C334B}" = protocol=17 | dir=in | app=c:\users\elena\downloads\sweetimsetup.exe |
"{BD889263-3E36-4742-881A-AA1F886A7EAB}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C14547B5-0F63-4041-9B09-4E630429A291}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{C8969D44-AA36-4C83-AB29-C4155C8D965E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC5526AA-7E99-427B-A112-BF5AD16FEB33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7B7DF9B-C391-4073-BBD0-24DF120DAE49}" = protocol=6 | dir=out | app=system |
"{D93F5FFE-6DD1-477A-A690-2EBF856C6CD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF226CAC-A7EA-4C31-8B6B-B6B4E39B195F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{E70655E2-06F1-4903-8723-07C0E702CEB9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F179AA10-DDCF-42A6-A895-52108F1E6F00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5B0BAEF-DAA8-4B79-B085-292728A9C84A}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{069F5F03-A8F8-43CA-BE0C-B12FE43BBD23}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{0FC5097C-1416-41F1-BA1B-02553EA4D0BF}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{2453DAAE-F94F-4F5B-BA5C-F71E59D0DF2F}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2D2C1A9F-720E-466F-9CCD-A11F1B743699}D:\pro-e\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\pro-e\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{38D52B7D-004A-44F5-B72C-837C661BBADF}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe |
"TCP Query User{3A61979B-FD6B-4229-B9A7-190C19568B95}D:\pro-e\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=d:\pro-e\i486_nt\obj\xtop.exe |
"TCP Query User{4709C794-0415-4D66-9D6E-0F60BFFF5B7F}D:\pro-e\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\pro-e\i486_nt\nms\nmsd.exe |
"TCP Query User{6EC132E1-E400-41A4-A292-01D5EB957072}D:\metin2 angeln\metin2client.bin" = protocol=6 | dir=in | app=d:\metin2 angeln\metin2client.bin |
"TCP Query User{971BCA6B-500A-4FE4-995B-5F08E206D820}D:\pro-e\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=d:\pro-e\i486_nt\obj\xtop.exe |
"TCP Query User{9F873A38-F64E-4809-AB1A-294A51BFA391}C:\program files\metin2\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.exe |
"TCP Query User{B3B801CB-D1B6-403D-A6B4-7C9AB60BD9F6}D:\metin2 angeln\metin2client.bin" = protocol=6 | dir=in | app=d:\metin2 angeln\metin2client.bin |
"TCP Query User{B55D9EC9-105F-4E74-96B5-0E5A05BEDB27}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{B848ECAA-3762-4215-8E6B-5C57F6795ABD}D:\pro-e\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\pro-e\i486_nt\nms\nmsd.exe |
"TCP Query User{CAA95874-A95B-4113-B020-67153AE00BA2}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{E1340E79-E5BD-4D78-B322-A2F318D0F462}D:\pro-e\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\pro-e\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{E2A7A4F6-8DCC-4748-8CD4-0D1E69C0DBF2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{15687D0E-9D09-438F-A894-298D0700C999}D:\metin2 angeln\metin2client.bin" = protocol=17 | dir=in | app=d:\metin2 angeln\metin2client.bin |
"UDP Query User{340F18F7-FE69-4D21-9256-00236AA30C9F}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{5C38FFEA-7A12-4399-9781-E16F2635F844}D:\pro-e\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\pro-e\i486_nt\nms\nmsd.exe |
"UDP Query User{7A99BA01-14E3-4EEE-8D0C-43A2DEFD9820}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{823C8883-C31A-4125-9B03-B1589E9326E9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{85D7EAFD-C61A-476A-9889-1ED8561165E9}D:\pro-e\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=d:\pro-e\i486_nt\obj\xtop.exe |
"UDP Query User{97F49152-A947-4A44-9C85-BB8635D0DC91}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{9EABEA0F-6539-4EC6-8763-F9D53C13F745}D:\pro-e\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\pro-e\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{A661CD18-3028-40FA-A58F-386999D656A8}D:\pro-e\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\pro-e\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{AAF609A2-CEB2-47FD-B247-73AE632A1E89}D:\pro-e\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=d:\pro-e\i486_nt\obj\xtop.exe |
"UDP Query User{B70D4E95-9492-40C7-B881-944589A7E31A}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{C72B9A74-FEB6-4C8F-BBA3-BFA1C06BB6F2}C:\program files\metin2\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.exe |
"UDP Query User{CD365488-1332-4DBE-89D2-DB7FF11D61D6}D:\pro-e\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\pro-e\i486_nt\nms\nmsd.exe |
"UDP Query User{DB93B6AC-D9EC-4CA8-B557-F1CD12975F43}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DBB95FDA-3254-4910-8D64-C22985BB677E}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe |
"UDP Query User{FD456C8D-D5DD-40EF-81CB-1281C31D7BAF}D:\metin2 angeln\metin2client.bin" = protocol=17 | dir=in | app=d:\metin2 angeln\metin2client.bin |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"OOBERegBackup_is1" = OOBERegBackup
"Picasa 3" = Picasa 3
"ScreenSaverPatch_is1" = ScreenSaverPatch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2919651990-3594783465-1128115961-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.08.2012 09:41:11 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 03.08.2012 14:37:27 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 03.08.2012 15:50:13 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 03.08.2012 21:56:22 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 04.08.2012 06:53:54 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 04.08.2012 11:24:33 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 04.08.2012 22:39:14 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.08.2012 14:48:22 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.08.2012 14:58:21 | Computer Name = Elena-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 06.08.2012 05:27:44 | Computer Name = Elena-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 16.08.2012 09:06:17 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:18 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:06:24 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 16.08.2012 09:08:03 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
--- --- ---

--- --- ---

markusg 16.08.2012 18:52
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKU\S-1-5-21-2919651990-3594783465-1128115961-1002..\Run: [sjccyvwzhliyasd] C:\ProgramData\sjccyvwz.exe (Adtron)
[2012.08.14 02:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\pwmeqqethydzpce
[2012.08.14 02:16:44 | 000,087,552 | ---- | C] (Adtron) -- C:\Users\Elena\0.25650089651604313.exe
 :Files
C:\ProgramData\sjccyvwz.exe
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Lacrimosa 16.08.2012 20:57
Danke schonmal :)
Ich habe nun in den normalen Modus gestartet, aber eine Textdatei kann ich nicht finden :confused:

Upload hat aber funktioniert ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131