Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 (https://www.trojaner-board.de/127987-trojaner-trojan-lameshield-trojan-agent-fsa34.html)

cosinus 09.01.2013 10:44
Bitte mal den aktuellen adwCleaner 2.105 runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

sara91 09.01.2013 23:39
hier ist die log-datei der neuen version des adw cleaners:

Code:
OTL Extras logfile created on: 08.01.2013 00:22:14 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 35,71% Memory free
5,49 Gb Paging File | 3,37 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,04 Gb Free Space | 0,15% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5972C7EF-A198-44D3-9582-958E344AAB37}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{709A6FC5-7FD4-4375-9D2F-84C5A1A63E17}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{82F7A8E9-8BC2-421E-A543-AE20EFD92E43}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{2A856DD4-9864-4A5C-B8C6-5C22E6FF4191}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{322E4640-D753-4773-8B70-0672F3BFC397}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{53BBB37E-01D7-431F-946B-EAB6B15D6F2B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00659A90-8645-C0C1-FA31-2AA63016E48A}" = CCC Help Chinese Standard
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABA6238-1A62-FFC6-9ACC-4DB9FEFB6A6E}" = CCC Help Spanish
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1966341E-0539-4698-ADEA-278A91CFCCC8}" = NIS-Elements Viewer 4.0 (build 770)
"{1F4FC05D-DEE6-AD4C-5CC6-31D642343F09}" = AMD Fuel
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{36C36970-394C-40C4-E11B-7CF635AFB989}" = CCC Help Hungarian
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FAF398F-CCD0-AC9F-2345-A473D1AE077B}" = CCC Help Chinese Traditional
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEBF3CF-1119-3902-4D37-A9274DDB54E1}" = CCC Help Danish
"{4F3A978C-35D6-8FDF-4D00-50F5D659D3BB}" = CCC Help German
"{4FD59143-0B17-CCC6-CEFD-C745955A70C7}" = CCC Help Korean
"{528EE462-2993-51F9-9F68-7C9F9BD7DCC3}" = CCC Help Italian
"{60C5FF36-67E1-6B1D-781F-579C30BE41AA}" = CCC Help French
"{69C302CE-8972-1637-6857-F73A08052054}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{72F77561-7DD8-4D01-6698-16DFDCCBCED6}" = CCC Help Czech
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{84123D75-4CD1-8E59-3B05-4928F122FCC2}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}" = AK vs DR
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE46F22-B053-4F67-81AA-50FFF822684D}" = ZEN 2011 x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Stalingrad
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{ABE130EB-EC1A-0500-B607-D1AA01082308}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACBA6D88-0035-E98C-A678-BF60D063ECA1}" = CCC Help Dutch
"{B2DB5CE2-5A7B-B321-3C29-F54D235C811F}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD99FD27-BC00-07F3-91A3-E130C4CE78F5}" = CCC Help Turkish
"{CDF450C8-4B6E-1ED1-6F2D-E68597E154FE}" = CCC Help Finnish
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E5A8A937-0D7F-9E53-820B-F28FD400026D}" = CCC Help Swedish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84E8B79-E754-81D8-BBD6-BC8C622AE382}" = CCC Help Portuguese
"{FAED5381-DDC7-7002-07A8-CC45828D84DA}" = CCC Help Greek
"{FB04F74B-20AF-D902-250F-EBC2F7C6D5D4}" = CCC Help Japanese
"{FCB29739-3E50-4B12-B459-116ADDC60221}" = Soldiers - Heroes of World War II
"01730370C5F33FD3683B6B55F72D58B76FF402AC" = Windows-Treiberpaket - Carl Zeiss MicroImaging GmbH (tvmcam) Image  (10/06/2010 8.2.0.0)
"1489-3350-5074-6281" = JDownloader 0.9
"3637-0812-9190-9529" = Dendroscope 3.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Blitzkrieg 2" = Blitzkrieg 2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darkest Hour.A Hearts Of Iron Game_is1" = Darkest Hour.A Hearts Of Iron Game
"D-Day" = D-Day
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 9.05" = GPL Ghostscript
"Green Devils" = Green Devils
"GSview 5.0" = GSview 5.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.2
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Moscow to Berlin" = Moscow to Berlin : Red Siege
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Panzerkrieg Bundle" = Panzerkrieg Bundle
"pdfsam" = pdfsam
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Peter Games Officers" = Peter Games Officers
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Sudden Strike II" = Sudden Strike II
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Write-N-Cite" = Write-N-Cite
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jalview" = Jalview
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.01.2013 06:13:02 | Computer Name = Laptop | Source = Software Protection Platform Service | ID = 8211
Description = Fehler bei der Aktualisierung der Windows-Lizenz- und Product Key-Tokens:
 0x80070070. 
 
Error - 01.01.2013 11:17:46 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 02.01.2013 09:21:31 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 03.01.2013 06:43:40 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 04.01.2013 03:42:45 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
 
Error - 04.01.2013 19:25:41 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.01.2013 03:16:09 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.01.2013 18:34:47 | Computer Name = Laptop | Source = MsiInstaller | ID = 11609
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 617 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS
the
 interface appears to be available
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.  File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ Media Center Events ]
Error - 04.12.2012 14:41:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:22 - Fehler beim Herstellen der Internetverbindung.  19:41:22
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 14:41:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:27 - Fehler beim Herstellen der Internetverbindung.  19:41:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 18:09:32 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:32 - Fehler beim Herstellen der Internetverbindung.  23:09:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 18:09:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:37 - Fehler beim Herstellen der Internetverbindung.  23:09:37
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.12.2012 14:52:24 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:24 - Fehler beim Herstellen der Internetverbindung.  19:52:24
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.12.2012 14:52:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:29 - Fehler beim Herstellen der Internetverbindung.  19:52:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 14:24:49 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:49 - Fehler beim Herstellen der Internetverbindung.  19:24:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 14:25:06 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:54 - Fehler beim Herstellen der Internetverbindung.  19:24:54
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 15:25:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:10 - Fehler beim Herstellen der Internetverbindung.  20:25:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 15:25:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:15 - Fehler beim Herstellen der Internetverbindung.  20:25:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ OSession Events ]
Error - 13.06.2011 12:22:10 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9491
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2012 11:33:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 22347 seconds with 12060 seconds of active time.  This session ended with
 a crash.
 
Error - 23.02.2012 06:02:05 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1725
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2012 17:30:43 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36624
 seconds with 10860 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2012 08:00:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2906
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 08.08.2012 15:41:28 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113224
 seconds with 20220 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 20:44:42 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132496
 seconds with 28860 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 21:06:16 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1254
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.01.2013 18:31:57 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 07.01.2013 18:31:57 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 07.01.2013 18:32:02 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 07.01.2013 18:32:09 | Computer Name = Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.01.2013 18:32:09 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.01.2013 18:32:47 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "5689" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 07.01.2013 18:33:07 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%5
 
Error - 07.01.2013 18:33:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%3
 
Error - 07.01.2013 18:33:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  prodrv06  prohlp02  prosync1  sfdrv01  sfhlp01  sfsync02
 
Error - 07.01.2013 18:33:16 | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =
 
 
< End of report >

cosinus 10.01.2013 00:30
Das ist OTL und nicht adwCleaner

sara91 11.01.2013 00:32
oh, verzeihung! ich habe ausversehen das falsche file hochgeladen. hier nun das richtige:

Code:
# AdwCleaner v2.105 - Datei am 09/01/2012 um 23:28:03 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Sara - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v4.0 (de)

Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2106 octets] - [04/01/2013 00:08:12]
AdwCleaner[R2].txt - [933 octets] - [09/01/2012 23:28:03]
AdwCleaner[S1].txt - [2115 octets] - [04/01/2013 08:55:35]

########## EOF - C:\AdwCleaner[R2].txt - [1052 octets] ##########

cosinus 11.01.2013 01:02
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

sara91 12.01.2013 08:27
Hier sind nun die OTL-logfiles.

OTL.txt:
Code:
OTL logfile created on: 12.01.2012 01:01:53 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,18% Memory free
5,49 Gb Paging File | 4,51 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,32 Gb Free Space | 1,10% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Programme\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe (Carl Zeiss)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7aa9acfc261048862a5e93c3be494763\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b0c89de727ba3d9160a77cc47638f759\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MTBService_2.0.0.12) -- C:\Program Files\Carl Zeiss\MTB 2011 File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe ()
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe ()
SRV - (Sophos Web Control Service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CZCanSrv) -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe (Carl Zeiss MicroImaging GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (appdrvrem01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Sara\AppData\Local\Temp\catchme.sys File not found
DRV - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found
DRV - (5689) -- C:\Users\Sara\AppData\Local\Temp\5689.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (appdrv01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (SaiU04E5) -- C:\Windows\System32\drivers\SaiU04E5.sys (Saitek)
DRV - (LVMST) -- C:\Windows\System32\drivers\LVMST.sys (Animation Technologies Inc.)
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sara\Desktop
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A9 C6 2E 52 FC CB 01  [binary data]
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.explosm.net/comics/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.0.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2011.04.16 17:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Extensions
[2012.12.13 00:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions
[2012.04.25 22:26:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.10.11 21:28:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\ich@maltegoetz.de
[2012.12.13 00:10:27 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011.10.31 18:43:35 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.21 22:19:22 | 000,001,330 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\searchplugins\wikipedia-en.xml
 
O1 HOSTS File: ([2012.12.13 00:44:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [PDFPrint] d:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [PopUpStopperFreeEdition] D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.44.1.9 141.44.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DEAF9CC-1C04-4C18-97A5-A0FC19BC5A7B}: DhcpNameServer = 192.168.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B452B358-AAC2-4317-98EA-D4CD4DC4AEF3}: DhcpNameServer = 141.44.1.9 141.44.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 00:15:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2013.01.03 11:00:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe
[2013.01.03 03:00:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.03 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.01.03 03:00:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.03 03:00:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.03 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.03 03:00:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.01.03 03:00:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.01.03 03:00:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.01.02 03:06:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.02 03:06:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.01 18:14:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.01 18:14:28 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.01 18:14:28 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.01 18:14:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.01 18:14:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.01 18:14:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.01 18:14:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.01 18:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.01 18:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.01 18:13:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.31 23:39:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.31 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\handyfotos
[2012.12.13 23:31:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe
[2012.12.13 00:44:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.12.13 00:42:04 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\temp
[2012.12.13 00:16:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.13 00:10:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.13 00:10:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.13 00:09:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 00:08:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.13 00:04:35 | 005,011,065 | R--- | C] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe
[2012.12.04 00:14:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.25 10:46:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.24 11:43:31 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware
[2012.11.24 11:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
[2012.11.15 09:06:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 09:06:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 09:06:54 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.14 12:19:22 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.14 12:19:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.14 12:18:14 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.14 12:18:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.14 12:18:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.14 06:10:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 06:10:39 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.14 06:10:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.13 00:26:08 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\Cisco
[2012.11.13 00:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.11.13 00:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2012.11.13 00:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012.11.12 21:59:35 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\paper journal club
[2012.11.10 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\TNS
[2012.10.27 11:01:13 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\old exams
[2012.10.23 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\MathWorks
[2012.10.23 21:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2012.10.23 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Sara\Documents\MATLAB
[2012.10.23 20:29:49 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2012.10.23 20:29:46 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX
[2012.10.18 06:46:56 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.10.15 23:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.10 12:19:04 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 12:19:04 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.04 21:51:46 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\MGTEK
[2012.10.04 21:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MGTEK
[2012.09.26 05:24:01 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.17 16:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.09.12 02:00:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.12 02:00:49 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 02:00:49 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.12 02:00:48 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.08.29 09:34:28 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\print
[2012.08.19 18:36:24 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Sun
[2012.08.15 11:17:22 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.15 11:17:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.07.19 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\inkscape
[2012.07.17 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Sara\.imagej
[2012.07.13 12:52:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Carl Zeiss
[2012.07.13 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Sara\Documents\Carl Zeiss
[2012.07.13 12:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.07.13 12:52:25 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Carl Zeiss
[2012.07.13 10:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.13 10:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aladdin Shared
[2012.07.13 10:50:32 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
[2012.07.13 10:50:27 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\aksllmtp.exe
[2012.07.13 10:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.07.13 10:50:24 | 000,352,256 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\aksfridge.sys
[2012.07.13 10:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carl Zeiss
[2012.07.13 10:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Carl Zeiss Vision
[2012.07.13 10:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Carl Zeiss
[2012.07.13 10:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Carl Zeiss
[2012.07.13 10:49:25 | 000,587,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\hardlock.sys
[2012.07.13 10:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Carl Zeiss
[2012.07.11 12:11:23 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 12:11:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 12:11:19 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.09 20:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dendroscope
[2012.07.09 17:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.07 20:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.07 20:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.07 20:29:24 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.07 20:29:24 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.07 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\Sara\.jswingreader
[2012.07.07 16:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012.07.07 16:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
[2012.07.07 15:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeView
[2012.06.25 16:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.25 16:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.25 16:17:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.25 16:08:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.06.25 16:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.23 23:21:05 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\Macromedia
[2012.06.23 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\Deutschlandstipendium - Magdeburg
[2012.06.21 20:05:03 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 20:05:03 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 20:04:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 20:04:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 20:04:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 20:04:32 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 20:04:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.13 22:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.06.13 22:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012.06.13 22:44:43 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012.06.13 22:44:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012.06.13 22:42:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 22:42:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 22:42:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 22:42:25 | 000,033,696 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\sdcfilter.sys
[2012.06.13 22:42:16 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012.06.10 10:50:19 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\DAAD berichte
[2012.06.08 23:03:58 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\vlc
[2012.06.06 19:59:42 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012.06.06 17:54:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.01 16:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
[2012.05.16 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Sara\Documents\refworks
[2012.05.16 13:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Refworks
[2012.05.10 20:44:21 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.21 23:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.10 20:51:33 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\Apps
[2012.03.31 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFTK Builder
[2012.03.31 07:32:06 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Xuqua
[2012.03.31 07:32:06 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Nuby
[2012.03.30 22:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.30 22:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.15 21:23:11 | 000,000,000 | ---D | C] -- C:\Users\Sara\.pdfsam
[2012.03.15 19:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012.03.15 19:49:27 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\PDF24
[2012.03.14 22:22:31 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.03 12:23:15 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Malwarebytes
[2012.03.03 12:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.03 12:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.03 12:23:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.15 03:53:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.02.15 03:53:31 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.02.15 03:53:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.02.15 03:53:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.02.15 03:53:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.02.15 03:53:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.15 03:53:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.02.15 03:53:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.02.15 03:53:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.02.15 03:53:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.15 03:53:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.02.15 03:53:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.15 03:53:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.15 03:53:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.02.15 03:53:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.02.15 03:53:29 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.15 03:53:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.15 03:53:28 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.02.15 03:53:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.02.15 03:53:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.15 03:53:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.15 03:53:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.02.15 03:53:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.02.15 03:53:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.02.15 03:53:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.02.15 03:53:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.02.15 03:53:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.15 03:53:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.02.15 03:53:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.02.15 03:19:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.04 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\TIPP10
[2012.02.02 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Laboratory Imaging
[2012.02.02 11:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIS-Elements Viewer 4.0
[2012.02.02 11:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Laboratory Imaging
[2012.01.13 09:27:10 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.13 09:27:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.11 15:48:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 15:48:45 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:48:45 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.02 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\ElevatedDiagnostics
[2011.12.15 10:04:15 | 000,000,000 | ---D | C] -- C:\Users\Sara\Documents\FIFA 11
[2011.12.15 09:31:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.12.15 09:31:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.12.15 09:31:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.12.15 09:31:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.12.15 09:31:41 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.12.15 09:31:40 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.12.15 09:31:38 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.12.15 09:31:37 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.12.15 09:31:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.12.15 01:07:26 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 01:06:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 08:42:37 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.08 08:42:37 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.08 08:42:37 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.08 08:42:37 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.08 00:15:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2013.01.03 11:00:45 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe
[2013.01.02 19:49:55 | 445,378,435 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.02 03:24:18 | 000,317,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.13 23:31:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe
[2012.12.13 23:31:10 | 000,302,592 | ---- | M] () -- C:\Users\Sara\Desktop\y6m9erhm.exe
[2012.12.13 00:44:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.13 00:04:49 | 005,011,065 | R--- | M] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe
[2012.12.10 19:15:33 | 000,145,918 | ---- | M] () -- C:\Users\Sara\Desktop\Reportf9895b92-03f7-4954-9db5-861ede88b884.pdf
[2012.12.04 00:15:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.12.04 00:14:34 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.24 11:52:17 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.24 11:52:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.22 20:52:29 | 000,067,829 | ---- | M] () -- C:\Users\Sara\Desktop\eigenwerte und eigenvektoren.pdf
[2012.11.22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 02:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 02:51:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 02:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 02:47:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 02:44:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.09 05:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.11.05 22:09:12 | 000,023,700 | ---- | M] () -- C:\Users\Sara\Desktop\ex4_3.jpg
[2012.11.05 22:02:26 | 000,002,550 | ---- | M] () -- C:\Users\Sara\Desktop\ex4_3.fig
[2012.11.05 20:41:11 | 000,059,007 | ---- | M] () -- C:\Users\Sara\Desktop\ex4.jpg
[2012.11.05 20:30:58 | 000,260,282 | ---- | M] () -- C:\Users\Sara\Desktop\Exersize04_LIFSA.pdf
[2012.11.02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.10.29 21:57:16 | 000,004,137 | ---- | M] () -- C:\Users\Sara\Desktop\tm-3-janine.m
[2012.10.23 21:06:03 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\MATLAB R2008a.lnk
[2012.10.23 21:05:08 | 000,645,120 | ---- | M] () -- C:\Windows\System32\config.gms
[2012.10.18 06:46:56 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.10.10 21:31:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.10.09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.10.04 17:47:18 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.04 17:40:38 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.04 17:40:37 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.04 17:40:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.04 17:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.04 17:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.04 15:41:50 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.04 15:41:50 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.04 15:41:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.04 15:41:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.10.03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.10.03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.09.17 16:56:37 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.17 16:56:37 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.30 18:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.08.30 18:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.08.23 08:41:06 | 000,000,218 | ---- | M] () -- C:\Users\Sara\.recently-used.xbel
[2012.08.22 18:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.08.22 18:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.08.21 21:12:27 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.08.03 16:48:10 | 000,072,192 | ---- | M] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.02 17:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.08.02 17:36:54 | 000,004,221 | ---- | M] () -- C:\Users\Sara\.Dendroscope.def
[2012.07.26 06:26:30 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2012.07.26 04:39:21 | 000,047,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.07.26 04:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.07.26 04:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.07.26 04:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.07.26 03:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.07.25 18:17:44 | 001,870,380 | R--- | M] () -- C:\Users\Sara\Desktop\Molekulare genetik - skript.PDF
[2012.07.21 08:27:25 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.19 13:32:43 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2012.07.17 13:29:48 | 000,000,771 | ---- | M] () -- C:\Users\Sara\Desktop\fiji.lnk
[2012.07.15 18:51:44 | 000,267,370 | ---- | M] () -- C:\Users\Sara\Desktop\CV-Sara_Bangel.pdf
[2012.07.15 18:43:18 | 000,712,583 | ---- | M] () -- C:\Users\Sara\Desktop\Transcript-Sara_Bangel.pdf
[2012.07.15 18:38:51 | 000,047,462 | ---- | M] () -- C:\Users\Sara\Desktop\20120712153240171(1).pdf
[2012.07.13 10:50:16 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\ ZEN 2011.lnk
[2012.07.09 17:44:43 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.07 21:04:15 | 000,011,301 | ---- | M] () -- C:\Users\Sara\gsview32.ini
[2012.07.07 20:29:01 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.07 20:29:01 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.07 20:21:49 | 000,000,660 | ---- | M] () -- C:\Users\Sara\.jalview_properties
[2012.07.04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.07.04 20:45:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.06.25 16:29:52 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012.06.13 22:42:25 | 000,033,696 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\sdcfilter.sys
[2012.06.13 22:42:16 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012.06.13 22:42:16 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012.06.06 19:59:42 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012.06.06 06:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.06.02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:57:50 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.06.02 15:34:21 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.06.02 14:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 14:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.02 05:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.05.31 11:25:14 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.05.18 21:59:02 | 000,339,725 | ---- | M] () -- C:\Users\Sara\Desktop\Projektarbeit mit quellenangaben!.pdf
[2012.05.16 13:21:19 | 000,000,636 | ---- | M] () -- C:\Users\Public\Desktop\Write-N-Cite.lnk
[2012.05.05 08:46:52 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.05.04 18:29:40 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.05.04 18:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.05.04 18:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.04.26 05:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.04.26 05:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.04.26 05:41:16 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 22:25:15 | 000,149,294 | ---- | M] () -- C:\Users\Sara\Desktop\TheScienceofScientificWriting.pdf
[2012.03.03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.02.15 03:53:31 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.02.15 03:53:31 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.02.15 03:53:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.02.15 03:53:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.02.15 03:53:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.02.15 03:53:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.15 03:53:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.02.15 03:53:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.02.15 03:53:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.02.15 03:53:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.15 03:53:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.02.15 03:53:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.15 03:53:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.15 03:53:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.02.15 03:53:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.02.15 03:53:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.15 03:53:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.15 03:53:28 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.02.15 03:53:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.02.15 03:53:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.15 03:53:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.15 03:53:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.15 03:53:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.02.15 03:53:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.02.15 03:53:27 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.02.15 03:53:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.02.15 03:53:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.02.15 03:53:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.15 03:53:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.02.15 03:53:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.02.01 22:43:04 | 000,085,159 | ---- | M] () -- C:\Users\Sara\Desktop\trawling_the_brain_-_science.pdf
[2012.01.12 00:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.12 00:29:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 00:29:29 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 00:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.12 00:19:52 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.09 23:27:26 | 000,554,087 | ---- | M] () -- C:\Users\Sara\Desktop\adwcleaner.exe
[2012.01.05 01:12:32 | 001,630,202 | ---- | M] () -- C:\Users\Sara\Desktop\brain_facts.pdf
[2011.12.30 06:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 00:02:32 | 000,554,087 | ---- | C] () -- C:\Users\Sara\Desktop\adwcleaner.exe
[2013.01.02 19:49:55 | 445,378,435 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.13 23:31:02 | 000,302,592 | ---- | C] () -- C:\Users\Sara\Desktop\y6m9erhm.exe
[2012.12.13 00:10:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.13 00:10:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.13 00:10:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.13 00:10:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.13 00:10:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.10 19:15:31 | 000,145,918 | ---- | C] () -- C:\Users\Sara\Desktop\Reportf9895b92-03f7-4954-9db5-861ede88b884.pdf
[2012.11.22 20:52:29 | 000,067,829 | ---- | C] () -- C:\Users\Sara\Desktop\eigenwerte und eigenvektoren.pdf
[2012.11.14 12:19:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 12:18:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.05 22:03:05 | 000,023,700 | ---- | C] () -- C:\Users\Sara\Desktop\ex4_3.jpg
[2012.11.05 22:02:26 | 000,002,550 | ---- | C] () -- C:\Users\Sara\Desktop\ex4_3.fig
[2012.11.05 20:35:02 | 000,059,007 | ---- | C] () -- C:\Users\Sara\Desktop\ex4.jpg
[2012.11.05 20:30:57 | 000,260,282 | ---- | C] () -- C:\Users\Sara\Desktop\Exersize04_LIFSA.pdf
[2012.10.30 07:57:28 | 000,004,137 | ---- | C] () -- C:\Users\Sara\Desktop\tm-3-janine.m
[2012.10.23 21:06:03 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\MATLAB R2008a.lnk
[2012.10.23 21:05:08 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2012.10.10 21:31:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.17 16:56:37 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.23 08:41:06 | 000,000,218 | ---- | C] () -- C:\Users\Sara\.recently-used.xbel
[2012.07.25 18:17:47 | 001,870,380 | R--- | C] () -- C:\Users\Sara\Desktop\Molekulare genetik - skript.PDF
[2012.07.19 13:33:20 | 000,000,694 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.07.19 13:32:43 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2012.07.17 13:29:57 | 000,000,771 | ---- | C] () -- C:\Users\Sara\Desktop\fiji.lnk
[2012.07.15 18:51:43 | 000,267,370 | ---- | C] () -- C:\Users\Sara\Desktop\CV-Sara_Bangel.pdf
[2012.07.15 18:43:18 | 000,712,583 | ---- | C] () -- C:\Users\Sara\Desktop\Transcript-Sara_Bangel.pdf
[2012.07.15 18:38:45 | 000,047,462 | ---- | C] () -- C:\Users\Sara\Desktop\20120712153240171(1).pdf
[2012.07.13 10:50:16 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\ ZEN 2011.lnk
[2012.07.09 20:15:21 | 000,004,221 | ---- | C] () -- C:\Users\Sara\.Dendroscope.def
[2012.07.09 17:44:43 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.07 20:21:10 | 000,000,660 | ---- | C] () -- C:\Users\Sara\.jalview_properties
[2012.07.07 16:36:27 | 000,011,301 | ---- | C] () -- C:\Users\Sara\gsview32.ini
[2012.06.06 17:54:27 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.18 21:53:18 | 000,339,725 | ---- | C] () -- C:\Users\Sara\Desktop\Projektarbeit mit quellenangaben!.pdf
[2012.05.16 13:21:19 | 000,000,636 | ---- | C] () -- C:\Users\Public\Desktop\Write-N-Cite.lnk
[2012.04.21 23:03:24 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.15 19:48:27 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.03.14 22:25:14 | 000,149,294 | ---- | C] () -- C:\Users\Sara\Desktop\TheScienceofScientificWriting.pdf
[2012.03.03 12:23:09 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 12:11:11 | 000,001,409 | ---- | C] () -- C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.02.15 03:53:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.02 16:53:19 | 000,072,192 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.01 22:43:04 | 000,085,159 | ---- | C] () -- C:\Users\Sara\Desktop\trawling_the_brain_-_science.pdf
[2012.01.05 01:12:32 | 001,630,202 | ---- | C] () -- C:\Users\Sara\Desktop\brain_facts.pdf
[2011.06.21 08:33:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.20 17:56:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.16 16:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.txt:
Code:
OTL Extras logfile created on: 12.01.2012 01:01:53 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,18% Memory free
5,49 Gb Paging File | 4,51 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,32 Gb Free Space | 1,10% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5972C7EF-A198-44D3-9582-958E344AAB37}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{709A6FC5-7FD4-4375-9D2F-84C5A1A63E17}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{82F7A8E9-8BC2-421E-A543-AE20EFD92E43}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{2A856DD4-9864-4A5C-B8C6-5C22E6FF4191}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{322E4640-D753-4773-8B70-0672F3BFC397}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{53BBB37E-01D7-431F-946B-EAB6B15D6F2B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00659A90-8645-C0C1-FA31-2AA63016E48A}" = CCC Help Chinese Standard
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABA6238-1A62-FFC6-9ACC-4DB9FEFB6A6E}" = CCC Help Spanish
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1966341E-0539-4698-ADEA-278A91CFCCC8}" = NIS-Elements Viewer 4.0 (build 770)
"{1F4FC05D-DEE6-AD4C-5CC6-31D642343F09}" = AMD Fuel
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{36C36970-394C-40C4-E11B-7CF635AFB989}" = CCC Help Hungarian
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FAF398F-CCD0-AC9F-2345-A473D1AE077B}" = CCC Help Chinese Traditional
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEBF3CF-1119-3902-4D37-A9274DDB54E1}" = CCC Help Danish
"{4F3A978C-35D6-8FDF-4D00-50F5D659D3BB}" = CCC Help German
"{4FD59143-0B17-CCC6-CEFD-C745955A70C7}" = CCC Help Korean
"{528EE462-2993-51F9-9F68-7C9F9BD7DCC3}" = CCC Help Italian
"{60C5FF36-67E1-6B1D-781F-579C30BE41AA}" = CCC Help French
"{69C302CE-8972-1637-6857-F73A08052054}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{72F77561-7DD8-4D01-6698-16DFDCCBCED6}" = CCC Help Czech
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{84123D75-4CD1-8E59-3B05-4928F122FCC2}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}" = AK vs DR
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE46F22-B053-4F67-81AA-50FFF822684D}" = ZEN 2011 x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Stalingrad
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{ABE130EB-EC1A-0500-B607-D1AA01082308}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACBA6D88-0035-E98C-A678-BF60D063ECA1}" = CCC Help Dutch
"{B2DB5CE2-5A7B-B321-3C29-F54D235C811F}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD99FD27-BC00-07F3-91A3-E130C4CE78F5}" = CCC Help Turkish
"{CDF450C8-4B6E-1ED1-6F2D-E68597E154FE}" = CCC Help Finnish
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E5A8A937-0D7F-9E53-820B-F28FD400026D}" = CCC Help Swedish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84E8B79-E754-81D8-BBD6-BC8C622AE382}" = CCC Help Portuguese
"{FAED5381-DDC7-7002-07A8-CC45828D84DA}" = CCC Help Greek
"{FB04F74B-20AF-D902-250F-EBC2F7C6D5D4}" = CCC Help Japanese
"{FCB29739-3E50-4B12-B459-116ADDC60221}" = Soldiers - Heroes of World War II
"01730370C5F33FD3683B6B55F72D58B76FF402AC" = Windows-Treiberpaket - Carl Zeiss MicroImaging GmbH (tvmcam) Image  (10/06/2010 8.2.0.0)
"1489-3350-5074-6281" = JDownloader 0.9
"3637-0812-9190-9529" = Dendroscope 3.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Blitzkrieg 2" = Blitzkrieg 2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darkest Hour.A Hearts Of Iron Game_is1" = Darkest Hour.A Hearts Of Iron Game
"D-Day" = D-Day
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 9.05" = GPL Ghostscript
"Green Devils" = Green Devils
"GSview 5.0" = GSview 5.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.2
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Moscow to Berlin" = Moscow to Berlin : Red Siege
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Panzerkrieg Bundle" = Panzerkrieg Bundle
"pdfsam" = pdfsam
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Peter Games Officers" = Peter Games Officers
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Sudden Strike II" = Sudden Strike II
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Write-N-Cite" = Write-N-Cite
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jalview" = Jalview
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
 
Error - 04.01.2013 19:25:41 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.01.2013 03:16:09 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07.01.2013 18:34:47 | Computer Name = Laptop | Source = MsiInstaller | ID = 11609
Description =
 
Error - 08.01.2013 03:17:39 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 08.01.2012 18:06:32 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 08.01.2012 18:06:32 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
 
Error - 08.01.2012 18:57:13 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.01.2012 18:33:43 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 11.01.2012 19:34:10 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
[ Media Center Events ]
Error - 04.12.2012 14:41:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:22 - Fehler beim Herstellen der Internetverbindung.  19:41:22
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 14:41:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:27 - Fehler beim Herstellen der Internetverbindung.  19:41:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 18:09:32 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:32 - Fehler beim Herstellen der Internetverbindung.  23:09:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 18:09:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:37 - Fehler beim Herstellen der Internetverbindung.  23:09:37
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.12.2012 14:52:24 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:24 - Fehler beim Herstellen der Internetverbindung.  19:52:24
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.12.2012 14:52:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:29 - Fehler beim Herstellen der Internetverbindung.  19:52:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 14:24:49 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:49 - Fehler beim Herstellen der Internetverbindung.  19:24:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 14:25:06 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:54 - Fehler beim Herstellen der Internetverbindung.  19:24:54
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 15:25:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:10 - Fehler beim Herstellen der Internetverbindung.  20:25:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 15:25:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:15 - Fehler beim Herstellen der Internetverbindung.  20:25:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ OSession Events ]
Error - 13.06.2011 12:22:10 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9491
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2012 11:33:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 22347 seconds with 12060 seconds of active time.  This session ended with
 a crash.
 
Error - 23.02.2012 06:02:05 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1725
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2012 17:30:43 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36624
 seconds with 10860 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2012 08:00:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2906
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 08.08.2012 15:41:28 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113224
 seconds with 20220 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 20:44:42 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132496
 seconds with 28860 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 21:06:16 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1254
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.01.2012 19:19:47 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 11.01.2012 19:19:51 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 11.01.2012 19:19:58 | Computer Name = Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.01.2012 19:19:58 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.01.2012 19:20:34 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "5689" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 11.01.2012 19:20:54 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%5
 
Error - 11.01.2012 19:22:21 | Computer Name = Laptop | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AMD FUEL Service" wurde nicht richtig gestartet.
 
Error - 11.01.2012 19:22:21 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%3
 
Error - 11.01.2012 19:22:21 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  prodrv06  prohlp02  prosync1  sfdrv01  sfhlp01  sfsync02
 
Error - 11.01.2012 19:22:25 | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =
 
 
< End of report >

cosinus 12.01.2013 14:19
Log vom adwCleaner fehlt

sara91 12.01.2013 19:09
SORRY!!

adw cleaner:

Code:
# AdwCleaner v2.105 - Datei am 12/01/2012 um 00:18:27 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Sara - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v4.0 (de)

Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2106 octets] - [04/01/2013 00:08:12]
AdwCleaner[R2].txt - [1115 octets] - [09/01/2012 23:28:03]
AdwCleaner[R3].txt - [1181 octets] - [11/01/2012 00:30:19]
AdwCleaner[S1].txt - [2115 octets] - [04/01/2013 08:55:35]
AdwCleaner[S2].txt - [1115 octets] - [12/01/2012 00:18:27]

########## EOF - C:\AdwCleaner[S2].txt - [1175 octets] ##########

cosinus 13.01.2013 19:54

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
DRV - (5689) -- C:\Users\Sara\AppData\Local\Temp\5689.sys File not found
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

sara91 15.01.2013 23:31
hier ist das OTL-logfile:

Code:
All processes killed
========== OTL ==========
Service 5689 stopped successfully!
Service 5689 deleted successfully!
File  C:\Users\Sara\AppData\Local\Temp\5689.sys File not found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sara\Desktop\cmd.bat deleted successfully.
C:\Users\Sara\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Sara
->Temp folder emptied: 4932140 bytes
->Temporary Internet Files folder emptied: 41648304 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 122514486 bytes
->Flash cache emptied: 1756 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20058797 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 180,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01142013_000136

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 16.01.2013 15:56
Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

sara91 16.01.2013 23:35
OTL.txt:

Code:
OTL logfile created on: 16.01.2013 23:09:03 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 52,76% Memory free
5,49 Gb Paging File | 3,98 Gb Available in Paging File | 72,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,43 Gb Free Space | 1,46% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 10,97 Gb Free Space | 5,43% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Programme\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe (Carl Zeiss)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7aa9acfc261048862a5e93c3be494763\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b0c89de727ba3d9160a77cc47638f759\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - D:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MTBService_2.0.0.12) -- C:\Program Files\Carl Zeiss\MTB 2011 File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe ()
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe ()
SRV - (Sophos Web Control Service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CZCanSrv) -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe (Carl Zeiss MicroImaging GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (appdrvrem01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Sara\AppData\Local\Temp\catchme.sys File not found
DRV - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (appdrv01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (SaiU04E5) -- C:\Windows\System32\drivers\SaiU04E5.sys (Saitek)
DRV - (LVMST) -- C:\Windows\System32\drivers\LVMST.sys (Animation Technologies Inc.)
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sara\Desktop
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A9 C6 2E 52 FC CB 01  [binary data]
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.explosm.net/comics/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.0.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
 
[2011.04.16 17:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Extensions
[2012.12.13 00:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions
[2012.04.25 22:26:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.10.11 21:28:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\ich@maltegoetz.de
[2012.12.13 00:10:27 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011.10.31 18:43:35 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.21 22:19:22 | 000,001,330 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\searchplugins\wikipedia-en.xml
 
O1 HOSTS File: ([2013.01.14 00:02:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [PDFPrint] d:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [PopUpStopperFreeEdition] D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.44.1.9 141.44.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DEAF9CC-1C04-4C18-97A5-A0FC19BC5A7B}: DhcpNameServer = 192.168.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B452B358-AAC2-4317-98EA-D4CD4DC4AEF3}: DhcpNameServer = 141.44.1.9 141.44.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.14 00:01:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.08 00:15:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2013.01.03 03:00:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.03 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.01.03 03:00:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.03 03:00:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.03 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.03 03:00:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.01.03 03:00:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.01.03 03:00:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.01.02 03:06:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.02 03:06:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.01 18:14:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.01 18:14:28 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.01 18:14:28 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.01 18:14:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.01 18:14:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.01 18:14:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.01 18:14:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.01 18:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.01 18:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.01 18:13:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.31 23:39:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.31 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\handyfotos
[4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 23:19:59 | 000,000,218 | ---- | M] () -- C:\Users\Sara\.recently-used.xbel
[2013.01.16 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.16 20:57:57 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.16 20:57:57 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.16 20:57:57 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.16 20:57:57 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.16 19:54:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.14 23:09:25 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 23:09:25 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.14 22:52:51 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.14 00:02:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.01.08 00:15:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2013.01.02 19:49:55 | 445,378,435 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.02 03:24:18 | 000,317,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.16 23:19:59 | 000,000,218 | ---- | C] () -- C:\Users\Sara\.recently-used.xbel
[2013.01.04 00:02:32 | 000,554,087 | ---- | C] () -- C:\Users\Sara\Desktop\adwcleaner.exe
[2013.01.02 19:49:55 | 445,378,435 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.13 00:10:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.13 00:10:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.13 00:10:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.13 00:10:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.13 00:10:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.09 20:15:21 | 000,004,221 | ---- | C] () -- C:\Users\Sara\.Dendroscope.def
[2012.07.07 20:21:10 | 000,000,660 | ---- | C] () -- C:\Users\Sara\.jalview_properties
[2012.07.07 16:36:27 | 000,011,301 | ---- | C] () -- C:\Users\Sara\gsview32.ini
[2012.02.02 16:53:19 | 000,072,192 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.21 08:33:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.20 17:56:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.16 16:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extras.txt:
Code:
OTL Extras logfile created on: 16.01.2013 23:09:03 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Sara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 52,76% Memory free
5,49 Gb Paging File | 3,98 Gb Available in Paging File | 72,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,43 Gb Free Space | 1,46% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 10,97 Gb Free Space | 5,43% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5972C7EF-A198-44D3-9582-958E344AAB37}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{709A6FC5-7FD4-4375-9D2F-84C5A1A63E17}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{82F7A8E9-8BC2-421E-A543-AE20EFD92E43}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{2A856DD4-9864-4A5C-B8C6-5C22E6FF4191}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{322E4640-D753-4773-8B70-0672F3BFC397}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{53BBB37E-01D7-431F-946B-EAB6B15D6F2B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00659A90-8645-C0C1-FA31-2AA63016E48A}" = CCC Help Chinese Standard
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABA6238-1A62-FFC6-9ACC-4DB9FEFB6A6E}" = CCC Help Spanish
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1966341E-0539-4698-ADEA-278A91CFCCC8}" = NIS-Elements Viewer 4.0 (build 770)
"{1F4FC05D-DEE6-AD4C-5CC6-31D642343F09}" = AMD Fuel
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{36C36970-394C-40C4-E11B-7CF635AFB989}" = CCC Help Hungarian
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FAF398F-CCD0-AC9F-2345-A473D1AE077B}" = CCC Help Chinese Traditional
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEBF3CF-1119-3902-4D37-A9274DDB54E1}" = CCC Help Danish
"{4F3A978C-35D6-8FDF-4D00-50F5D659D3BB}" = CCC Help German
"{4FD59143-0B17-CCC6-CEFD-C745955A70C7}" = CCC Help Korean
"{528EE462-2993-51F9-9F68-7C9F9BD7DCC3}" = CCC Help Italian
"{60C5FF36-67E1-6B1D-781F-579C30BE41AA}" = CCC Help French
"{69C302CE-8972-1637-6857-F73A08052054}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{72F77561-7DD8-4D01-6698-16DFDCCBCED6}" = CCC Help Czech
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{84123D75-4CD1-8E59-3B05-4928F122FCC2}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}" = AK vs DR
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE46F22-B053-4F67-81AA-50FFF822684D}" = ZEN 2011 x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Stalingrad
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{ABE130EB-EC1A-0500-B607-D1AA01082308}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACBA6D88-0035-E98C-A678-BF60D063ECA1}" = CCC Help Dutch
"{B2DB5CE2-5A7B-B321-3C29-F54D235C811F}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD99FD27-BC00-07F3-91A3-E130C4CE78F5}" = CCC Help Turkish
"{CDF450C8-4B6E-1ED1-6F2D-E68597E154FE}" = CCC Help Finnish
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E5A8A937-0D7F-9E53-820B-F28FD400026D}" = CCC Help Swedish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84E8B79-E754-81D8-BBD6-BC8C622AE382}" = CCC Help Portuguese
"{FAED5381-DDC7-7002-07A8-CC45828D84DA}" = CCC Help Greek
"{FB04F74B-20AF-D902-250F-EBC2F7C6D5D4}" = CCC Help Japanese
"{FCB29739-3E50-4B12-B459-116ADDC60221}" = Soldiers - Heroes of World War II
"01730370C5F33FD3683B6B55F72D58B76FF402AC" = Windows-Treiberpaket - Carl Zeiss MicroImaging GmbH (tvmcam) Image  (10/06/2010 8.2.0.0)
"1489-3350-5074-6281" = JDownloader 0.9
"3637-0812-9190-9529" = Dendroscope 3.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Blitzkrieg 2" = Blitzkrieg 2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darkest Hour.A Hearts Of Iron Game_is1" = Darkest Hour.A Hearts Of Iron Game
"D-Day" = D-Day
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 9.05" = GPL Ghostscript
"Green Devils" = Green Devils
"GSview 5.0" = GSview 5.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.2
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Moscow to Berlin" = Moscow to Berlin : Red Siege
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Panzerkrieg Bundle" = Panzerkrieg Bundle
"pdfsam" = pdfsam
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Peter Games Officers" = Peter Games Officers
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Sudden Strike II" = Sudden Strike II
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Write-N-Cite" = Write-N-Cite
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jalview" = Jalview
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2012 18:06:32 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
 
Error - 08.01.2012 18:57:13 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09.01.2012 18:33:43 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 11.01.2012 20:51:36 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 11.01.2012 20:51:36 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
 
Error - 12.01.2012 03:58:40 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 13.01.2012 03:38:38 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 13.01.2012 07:10:27 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 13.01.2012 07:10:27 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
 
Error - 14.01.2013 18:32:37 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 16.01.2013 18:07:38 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 16.01.2013 18:07:38 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 16.01.2013 18:07:38 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.01.2013 18:07:38 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.01.2013 18:27:15 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.01.2013 18:27:15 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.01.2013 18:27:15 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 16.01.2013 18:27:15 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 16.01.2013 18:27:15 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.01.2013 18:27:15 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
[ Media Center Events ]
Error - 04.12.2012 14:41:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:22 - Fehler beim Herstellen der Internetverbindung.  19:41:22
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 14:41:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:27 - Fehler beim Herstellen der Internetverbindung.  19:41:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 18:09:32 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:32 - Fehler beim Herstellen der Internetverbindung.  23:09:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.12.2012 18:09:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:37 - Fehler beim Herstellen der Internetverbindung.  23:09:37
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.12.2012 14:52:24 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:24 - Fehler beim Herstellen der Internetverbindung.  19:52:24
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.12.2012 14:52:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:29 - Fehler beim Herstellen der Internetverbindung.  19:52:29
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 14:24:49 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:49 - Fehler beim Herstellen der Internetverbindung.  19:24:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 14:25:06 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:54 - Fehler beim Herstellen der Internetverbindung.  19:24:54
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 15:25:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:10 - Fehler beim Herstellen der Internetverbindung.  20:25:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.12.2012 15:25:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:15 - Fehler beim Herstellen der Internetverbindung.  20:25:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ OSession Events ]
Error - 13.06.2011 12:22:10 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9491
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2012 11:33:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 22347 seconds with 12060 seconds of active time.  This session ended with
 a crash.
 
Error - 23.02.2012 06:02:05 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1725
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2012 17:30:43 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36624
 seconds with 10860 seconds of active time.  This session ended with a crash.
 
Error - 07.08.2012 08:00:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2906
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 08.08.2012 15:41:28 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113224
 seconds with 20220 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 20:44:42 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132496
 seconds with 28860 seconds of active time.  This session ended with a crash.
 
Error - 14.08.2012 21:06:16 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1254
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.01.2013 19:50:48 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 14.01.2013 19:55:39 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2013 18:23:00 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2013 02:37:00 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2013 14:54:16 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2013 15:39:21 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 16.01.2013 15:39:22 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 16.01.2013 15:39:22 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 16.01.2013 15:39:23 | Computer Name = Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 16.01.2013 17:14:47 | Computer Name = Laptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

cosinus 17.01.2013 15:02
Code:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Hm fällt mir das jetzt erst auf :confused:

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

sara91 17.01.2013 22:08
es ist ein privater rechner, aber die windows lizenz gibt es bei uns an der uni für studenten umsonst, daher windows professional. vorher hatte ich windows vista.

cosinus 18.01.2013 12:30
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 10:37 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19