Windows Verschlüsselungs Trojaner über Email

Miniemäusche · 28.04.2012, 07:17

Guten Morgen,

bevor ich jetzt anfange mein Problem zu schildern, möchte ich erst einmal etwas anderes los werden. Ich habe leider nicht so viel Ahnung von PC oder Laptop´s deswegen bitte ich, wenn ich Hilfe von euch bekomme, dass man mir das wirklich für "Doofe" erklärt. Ich kenne all die Fachbegriffe nicht und verstehe deswegen zum größten Teil nur Bahnhof

Ich danke euch für euer Verständnis

So, jetzt will ich mal mit meinem Problem anfangen.
Heute Morgen hab ich meine Email gecheckt und eine dieser tollen Emails erhalten. Ich Dummi hab natürlich gleich darauf reagiert, liegt aber daran das ich bereits schon einmal eine ähnliche Email erhalten habe, in der dann tatsächlich Geld von meinem Konto abging. Im Anhang befand sich eine als PDF Datei ausgegebene Datei. Dies wollte ich natürlich gleich öffnen. Sie ließ sich aber nicht wirklich öffnen. Es war in einer Zip (ich glaube so nennt man das) Datei verpackt. Als Hinweiß öffnete sich dann immer wieder das die Datei sich nicht öffnen lässt bis alle Programme geschlossen werden. Ich Ignorierte das und kümmerte mich nicht mehr darum. Ließ aber das Blöde Fenster dieser Zip Datei öffnen. Nach 15 min fing sich dann alles an zu schließen. Daraufhin erfolgte dieser tolle Neustart mit diesem tollen Fenster wegen dem Windows Verschlüsselungs Trojaner. Was in diesem Fenster steht wisst Ihr ja bereits.

Nach dem ich nun mit meinem Handy Google durchstöberte kam ich auf eure Seite. Oben steht: Vorgehen mit dem Verschlüsselungs Trojaner. Nummer 1 habe ich hier auf meinem Laptop durchführen können, nachdem ich mit der F5 Taste in den Abgesicherten Modus + Netzwerk (irgendwas) Zugriff hatte.

Nachdem ich alles befolgt hatte was dieses Malware Programm machen muss habe ich 6 Infizierte Dateien gehabt, diese habe ich entfernt und hier nun der Bericht:

HTML-Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.01

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Sandra :: SANDRA-PC [Administrator]

28.04.2012 07:40:18
mbam-log-2012-04-28 (07-40-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198810
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\$Recycle.Bin\S-1-5-21-3595052920-396674201-1122903867-1001\$R9FOVXF.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3595052920-396674201-1122903867-1001\$RCOX83C.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3595052920-396674201-1122903867-1001\$RGN9J4S.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3595052920-396674201-1122903867-1001\$RK1ACIU.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3595052920-396674201-1122903867-1001\$RLFK8H5.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3595052920-396674201-1122903867-1001\$RVRL2PW.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich habe aber noch nicht auf den Button OK geklickt um den Neustart durchzuführen, da ich mir jetzt ziemlich unsicher bin.

Ich muss noch ein paar Details bekannt geben. Ich habe lediglich die ersten 3 DVD´s die ich machen musste als ich den Laptop damals das erste mal Startete. Datensicherungen habe ich leider nie getätigt, ich befand das für unnötig, da ich nur ein Goggle/Facebook und vielleicht mal für meine Kinder Spiele Seiten Nutzer bin. Aber ich hab etliche Fotos hier auf dem Laptop, und die sind natürlich nicht wieder zu beschaffen wenn ich die nicht wieder Herstellen kann

Jetzt warte ich einfach erstmal ab, ob ich eine Antwort von euch bekomme und wenn ja, was ich dann zu befolgen habe.

Ich bleibe vorerst in dem Abgesicherten Modus, den nur so hab ich den Zugriff auf den Laptop.

Ich hoffe ich habe alles genaustens Beschrieben und Ihr versteht mein Problem. Ich danke euch für eure Zeit die Ihr opfert um erstens meinen Beitrag zu lesen und zweitens mir eventuell dann auch zu helfen.

euer Miniemäuschen

kira · 28.04.2012, 10:15

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
gehe ins Internet über "Abgesicherter Modus mit Netzwerktreibern"
Drücke beim Hochfahren des rechners [F8] solange, bis Du 3 auswahlmöglichkeiten hast:

-> wähle hier:
Abgesicherter Modus mit Netzwerktreibern

2.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

Zitat:

Boote neu und schaue nach, ob Du schon im normalen Modus arbeiten kannst?
wenn ja, so geht es weiter:

3.
Die verschlüsselten Dateien mit unserem DecryptHelper von Matthias entschlüsseln. (Java wird benötigt)
alternativ: Avira Ransom File Unlocker (bitte postet uns Eure Ergebnisse! Danke)

4.
das Malwarebytes nochmal updaten-> erneut einen Vollscan machen-> Ergebnis posten

5.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

6.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Miniemäusche · 28.04.2012, 13:53

Hallo Kira,

danke für deine Antwort!

Ich fange jetzt mal ganz in Ruhe an.
Ich habe den Laptop nun Neugestartet und kann leider immer noch nicht normal auf Windows zugreifen. Leider bin ich nach wie vor im Abgesicherten Modus+Netzwerktreibern drinnen.

So ganz kann ich dem noch nicht folgen (sorry, ich sagte ja ich hab wirklich kaum Ahnung von PC´s)

Zitat:

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Wo und Wann klicke ich das an? jetzt auf Desktop gehen und dann rechte Maustaste? *ohman wie peinlich, tut mir schrecklich leid das ich dass nicht kann*

Java ist eigentlich drauf, leider weiß ich aber nicht ob es die aktuelle Version ist!
Mit dem Programm DecryptHelper von Matthias kenne ich mich nicht aus. Bevor ich es betätige hoffe ich auch hier auf Hilfe wie dies Funktioniert und wie ich damit umgehen muss/soll?!
(Download erfolgt gleich)

Punkt 6, soll ich diesen auch sofort ausführen?

Ich warte jetzt erstmal neue Anweißungen ab

Danke nochmals

Hier die Textdatei von CCleaner

Code:

ATTFilter

Acrobat.com	Adobe Systems Incorporated	15.09.2010	1,61MB	1.6.65
Adobe AIR	Adobe Systems Inc.	15.09.2010		1.5.0.7220
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	05.05.2011	6,00MB	10.1.102.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.02.2011	6,00MB	10.2.152.26
Adobe Photoshop Elements 8.0	Adobe Systems Incorporated	21.10.2010	1.577MB	8.0
Adobe Reader 9.1 MUI	Adobe Systems Incorporated	15.09.2010	650MB	9.1.0
Aquamarin Haushaltsbuch 2.9.2 b	makasy.com	22.02.2012	17,4MB	
Ask Toolbar	Ask.com	20.04.2012	4,75MB	1.15.1.0
Ask Toolbar Updater	Ask.com	20.04.2012		1.2.1.22229
Avira AntiVir Personal - Free Antivirus	Avira GmbH	13.02.2012	67,7MB	10.2.0.707
Broadcom Gigabit NetLink Controller	Broadcom Corporation	15.09.2010	0,37MB	12.52.04
CCleaner	Piriform	27.04.2012		3.18
Cheat Engine 6.1	Dark Byte	05.10.2011	23,6MB	
DAEMON Tools Lite	DT Soft Ltd	24.04.2011		4.40.2.0131
Die Sims™ 3	Electronic Arts	25.04.2011		1.19.44
Die Sims™ 3 Design-Garten-Accessoires	Electronic Arts	25.04.2011		7.0.55
Die Sims™ 3 Luxus-Accessoires	Electronic Arts	25.04.2011		3.0.38
Die Sims™ 3 Reiseabenteuer	Electronic Arts	25.04.2011		2.0.86
Die*Sims™*3 Erstelle einen Sim	Electronic Arts	25.04.2011		1.0.25
DivX-Setup	DivX, LLC	14.04.2012		2.6.1.8
EA Download Manager	Electronic Arts, Inc.	24.04.2011		7.3.7.4
Efficient Diary 1.98	Efficient Software	04.09.2011	13,2MB	
EuroTalk Talk Now!	EuroTalk Interactive	16.02.2011	23,7MB	2.4.5.3
Facebook Video Calling 1.2.0.159	Skype Limited	20.03.2012	4,76MB	1.2.159
Free Audio CD Burner version 1.4.8	DVDVideoSoft Limited.	26.05.2011	10,6MB	
Free YouTube to MP3 Converter version 3.10.15.1228	DVDVideoSoft Ltd.	03.01.2012	85,6MB	
GiftBox+	Breakpoint Software Development	07.06.2011		1.0
Google Chrome	Google Inc.	02.02.2011		18.0.1025.162
Google Earth Plug-in	Google	19.04.2012	48,7MB	6.2.2.6613
HP Customer Participation Program 13.0	HP	24.09.2011		13.0
HP Imaging Device Functions 13.0	HP	24.09.2011		13.0
HP Photosmart Essential 3.5	HP	24.09.2011		3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B	HP	24.09.2011		13.0
HP Smart Web Printing 4.51	HP	24.09.2011		4.51
HP Solution Center 13.0	HP	24.09.2011		13.0
HP Update	Hewlett-Packard	24.09.2011	3,73MB	4.000.011.006
Identity Card	Packard Bell	21.10.2010		1.00.3003
iLivid	Bandoo Media Inc	28.03.2012		1.92
Intel(R) Management Engine Components	Intel Corporation	16.09.2010		6.0.0.1179
Intel(R) Rapid Storage Technology	Intel Corporation	16.09.2010		9.6.2.1001
Intel(R) Turbo Boost Technology Driver	Intel Corporation	22.10.2010		01.02.00.1002
Java(TM) 6 Update 22	Oracle	03.02.2011	97,1MB	6.0.220
Java(TM) 6 Update 29	Oracle	13.12.2011	95,0MB	6.0.290
JDownloader	AppWork UG (haftungsbeschränkt)	03.04.2011		
Launch Manager	Packard Bell	21.10.2010		4.0.14
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	27.04.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.02.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	06.02.2011	2,94MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	21.10.2010	6,31MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	15.09.2011		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	15.09.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	16.02.2012	174,2MB	4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	21.10.2010	1,72MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	15.09.2010	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.09.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.09.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft WSE 3.0 Runtime	Microsoft Corp.	24.04.2011	0,92MB	3.0.5305.0
Mozilla Firefox (3.6.25)	Mozilla	25.12.2011		3.6.25 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	05.02.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	05.02.2011	1,33MB	4.20.9876.0
Nero 9 Essentials	Nero AG	15.09.2010		
Norton Security Scan	Symantec Corporation	27.10.2011		3.5.1.8
NuvaTime	Organon Inc.	26.03.2012	1,06MB	1.00.0000
NVIDIA Display Control Panel	NVIDIA Corporation	21.10.2010	135,0MB	6.14.12.5922
NVIDIA Drivers	NVIDIA Corporation	21.10.2010	65,1MB	1.10.62.40
NVIDIA PhysX	NVIDIA Corporation	21.10.2010	80,1MB	9.10.0224
OCR Software by I.R.I.S. 13.0	HP	24.09.2011		13.0
Octoshape Streaming Services	Octoshape ApS	13.05.2011		
OpenOffice.org 3.3	OpenOffice.org	03.02.2011	415MB	3.3.9567
Packard Bell Games	WildTangent	21.10.2010		1.0.1.3
Packard Bell InfoCentre	Packard Bell	21.10.2010		3.02.3000
Packard Bell MyBackup	NewTech Infosystems	15.09.2010	33,3MB	2.0.0.68
Packard Bell Power Management	Packard Bell	21.10.2010		5.00.3005
Packard Bell Recovery Management	Packard Bell	15.09.2010		4.05.3013
Packard Bell Registration	Packard Bell	21.10.2010		1.03.3003
Packard Bell ScreenSaver	Packard Bell 	21.10.2010		1.1.0806.2010
Packard Bell Social Networks	CyberLink Corp.	15.09.2010	25,9MB	1.0.1901
Packard Bell Updater	Packard Bell	15.09.2010		1.02.3001
PhotoScape		10.03.2012		
PowerISO	PowerISO Computing, Inc.	24.04.2011		4.7
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	21.10.2010		6.0.1.6141
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	15.09.2010		6.1.7600.30122
SDFormatter	SD Association	11.05.2011	1,21MB	3.0.0
Searchqu Toolbar	Bandoo Media Inc	28.03.2012		3.0.0.122375
Shop for HP Supplies	HP	24.09.2011		13.0
Skype™ 5.1	Skype Technologies S.A.	02.02.2011	22,7MB	5.1.112
Synaptics Pointing Device Driver	Synaptics Incorporated	21.10.2010		14.0.19.0
Uninstall 1.0.0.1		26.05.2011	11,2MB	
Video Web Camera	Chicony Electronics Co.,Ltd.	21.10.2010		1.7.137.706
Welcome Center	Packard Bell	21.10.2010		1.02.3004
Windows Live Essentials	Microsoft Corporation	03.02.2011		15.4.3508.1109
Windows Live Sync	Microsoft Corporation	21.10.2010	2,79MB	14.0.8117.416
WinRAR 4.00 (32-Bit)	win.rar GmbH	03.04.2011		4.00.0
Yahoo! Toolbar		24.09.2011		
Überwachungstool für die Intel® Turbo-Boost-Technik	Intel	21.10.2010	1,13MB	1.0.186.6

Programm CCleaner hab ich als Admistrator ausgeführt

ich hoffe ich hab das richtig reingepostet?

So nach dem auch ICH das tolle Programm verstanden hab, um die Dateien zu entschlüsseln (anhand von einem Orginal Windows Bild gemacht) bin ich schon seit einigen Stündchen dabei die Dateien wieder "herzustellen"

Doch wenn ich den Ordner c/ entschlüssel möchte streikt das Programm...... es kommt auch nach einer halben Stunde keine Meldung wieviel Dateien er wiederhergestellt hat. Soll ich da nun länger warten?

Wenn das nun alles geklappt hat, soll ich dann nochmal das Malware Programm durchlaufen lassen, aber diesmal mit Vollscan? und braucht ihr davon auch wieder die Logdatei?

Wenn ich das gemacht habe, muss ich dann dieses OLT Programm trotzdem durchführen? Ich hab irgendwo hier im Forum gelesen, das man das nur anhand von einer CD kann?! kann ich das auch direkt hier am Laptop ohne CD machen?

Oh man sorry, ich bin so verunsichert :-/
Hoffentlich sind jetzt meine ganze Foto´s gesicher und wiederhergestellt?

Fragen über Fragen, es tut mir so leid

Wie ich feststellen muss, stellt mir das Programm nicht alle Dateien wieder her

Wenn ich auf das Programm gehe, und einen Ordnen entschlüssel möchte, suche ich den mir aus. Leider sind laut dem Programm aber keine lockes Dateien mehr drinnen. Wenn ich aber ganz Normal auf Festplatte C gehe und zum Beispiel auf Benutzer und und und, dann sehe ich das einige Musikdateien noch nicht wieder hergestellt sind, ebenso die Beispielbilder in den vorgesehenen Ordner...

Ist das so richtig?

Zitat:

Zitat von kira

4.
das Malwarebytes nochmal updaten-> erneut einen Vollscan machen-> Ergebnis posten

das hab ich getan, folgendes kam beim letzten Scan raus:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Sandra :: SANDRA-PC [Administrator]

28.04.2012 21:39:40
mbam-log-2012-04-28 (21-39-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390680
Laufzeit: 41 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

kira · 28.04.2012, 21:37

Zitat:

Wo und Wann klicke ich das an? jetzt auf Desktop gehen und dann rechte Maustaste? *ohman wie peinlich, tut mir schrecklich leid das ich dass nicht kann*

auf das Programm (z.B Malwarebytes, OTL, CCleaner usw) Rechtsklick-> im Kontextmenü "Als Administrator ausführen" wählen

bist Du also im abgesicherten Modus?

1.
Deinstalliere:

Zitat:

Ask Toolbar Ask.com
Ask Toolbar Updater Ask.com
Yahoo! Toolbar
Norton Security Scan
Searchqu Toolbar

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Miniemäusche · 28.04.2012, 21:41

so und nun ist auch das letzte Programm durchgelaufen, das OLT

OLT.txt

Code:

ATTFilter

OTL logfile created on: 28.04.2012 22:29:54 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Sandra\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 69,24% Memory free
7,73 Gb Paging File | 6,75 Gb Available in Paging File | 87,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 342,46 Gb Free Space | 75,66% Space Free | Partition Type: NTFS
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0BE8B3AA-A1FF-479F-A2E3-E6D0E8A9EB62}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000SUDE&apn_uid=AEE9CDC2-CAAA-4C5B-99B2-0A8848586C1E&apn_sauid=745BCDE3-B3DA-4E6C-BFCA-469248EEEE60
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js - File not found
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Sandra\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sandra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.25 11:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.15 19:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.26 13:31:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.26 13:31:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.25 11:17:31 | 000,000,000 | ---D | M]
 
[2012.04.28 06:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2012.04.28 06:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions
[2012.04.28 06:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.28 06:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.28 06:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.28 06:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.04 11:48:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\engine@conduit.com
[2012.04.28 06:55:21 | 000,002,519 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6ip7ogna.default\searchplugins\locked-Search_Results.xml.pgrn
[2012.03.29 17:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.04 17:39:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.04 16:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.07 20:56:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.31 14:26:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.14 15:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.04.15 19:24:51 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.09.25 11:17:31 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2012.03.29 17:46:58 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011.12.14 15:43:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 08:14:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 08:14:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 08:14:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.29 17:46:53 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.15 08:14:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 08:14:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=164&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Sandra\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sandra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Glow = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0\locked-.cmcc
CHR - Extension: YouTube = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\locked-.kcpl
CHR - Extension: Google-Suche = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\locked-.rsrs
CHR - Extension: PAYBACK Toolbar f\u00FCr Google Chrome = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dakmcddjdjakenhpbpnjhjiekppibiep\1.0.0.16_0\locked-.uzri
CHR - Extension: Stylish = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.8_0\locked-.chby
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.zzzr
CHR - Extension: Google Mail = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\locked-.kesp
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EfficientDiary]  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [1847620C] C:\Users\Sandra\AppData\Roaming\Ynwusjfefdf\D7AE9EFE1847620CE0C6.exe (Pigna colada)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Sandra\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65C364B0-A726-44C0-91B4-4D9D4CAA4307}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C207321A-ADB5-467F-9E61-A91E16F1FD05}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.28 20:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Verschlüsselte Dateien
[2012.04.28 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\neue Dateien
[2012.04.28 14:55:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012.04.28 14:44:32 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{83130ED1-9B30-4346-B0ED-5F0FCB900532}
[2012.04.28 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2012.04.28 07:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.28 07:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 07:39:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.28 07:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.28 07:22:19 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{AE168578-03D2-4A36-A627-B721718DAAA1}
[2012.04.28 07:22:08 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{F3708C86-02A9-4B8B-BFD8-3FECD5C92692}
[2012.04.28 07:03:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{FF7265CB-3D45-4961-9959-2FF035DD9B47}
[2012.04.28 07:03:13 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{4CA7F6B0-2646-4AA6-92A6-07498036116B}
[2012.04.28 06:43:34 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Ynwusjfefdf
[2012.04.24 10:22:47 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\nageldesign fotos
[2012.04.20 22:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.04.17 14:43:21 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\EBAY
[2012.04.13 03:32:33 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{0ACDB19C-13E7-4C0D-8F26-70651F143FF2}
[2012.04.13 03:05:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.13 03:05:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.13 03:05:18 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.13 03:05:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.13 03:05:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.13 03:05:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.13 03:05:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.13 03:05:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.13 03:05:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.13 03:05:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.13 03:05:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.13 03:04:58 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.13 03:04:57 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.13 03:04:57 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.13 03:01:09 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.13 03:01:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.13 03:01:01 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.10 21:44:25 | 000,000,000 | ---D | C] -- C:\Users\Sandra\.jordan
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.28 21:43:01 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.28 21:43:01 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.28 21:43:01 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.28 21:43:01 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.28 21:43:01 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.28 21:42:08 | 000,606,208 | ---- | M] () -- C:\Users\Sandra\Documents\MyDiary.edf
[2012.04.28 21:32:03 | 000,004,096 | ---- | M] () -- C:\decrypt.key
[2012.04.28 21:27:22 | 000,004,096 | ---- | M] () -- C:\Users\Sandra\Desktop\decrypt.key
[2012.04.28 20:28:05 | 000,595,284 | ---- | M] () -- C:\Users\Sandra\Desktop\Hydrangeas.jpg
[2012.04.28 15:02:27 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.28 14:55:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012.04.28 14:54:47 | 000,017,202 | ---- | M] () -- C:\Users\Sandra\Desktop\DecryptHelper-0.5.jar
[2012.04.28 14:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.28 14:45:41 | 3113,250,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.28 14:43:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.28 07:39:09 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.28 07:23:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.28 07:23:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.28 06:59:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.28 06:57:41 | 000,606,208 | ---- | M] () -- C:\Users\Sandra\Documents\locked-MyDiary.edf.ptpf
[2012.04.28 06:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001UA.job
[2012.04.28 06:53:35 | 000,595,284 | ---- | M] () -- C:\Users\Sandra\Desktop\locked-Hydrangeas.jpg.eetn
[2012.04.28 04:33:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001UA.job
[2012.04.27 16:29:01 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sandra.job
[2012.04.27 13:33:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001Core.job
[2012.04.27 11:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001Core.job
[2012.04.13 19:57:33 | 000,002,415 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.28 21:42:07 | 000,606,208 | ---- | C] () -- C:\Users\Sandra\Documents\MyDiary.edf
[2012.04.28 21:32:03 | 000,004,096 | ---- | C] () -- C:\decrypt.key
[2012.04.28 20:31:26 | 000,004,096 | ---- | C] () -- C:\Users\Sandra\Desktop\decrypt.key
[2012.04.28 20:30:41 | 000,595,284 | ---- | C] () -- C:\Users\Sandra\Desktop\locked-Hydrangeas.jpg.eetn
[2012.04.28 20:28:07 | 000,595,284 | ---- | C] () -- C:\Users\Sandra\Desktop\Hydrangeas.jpg
[2012.04.28 14:57:25 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.28 14:54:46 | 000,017,202 | ---- | C] () -- C:\Users\Sandra\Desktop\DecryptHelper-0.5.jar
[2012.04.28 07:39:09 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.09.25 11:12:34 | 000,245,541 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.09.25 11:12:34 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.09.16 18:19:02 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.06 21:07:00 | 000,000,128 | ---- | C] () -- C:\Windows\wininit.ini
[2011.02.03 18:16:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.03 17:36:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.22 04:10:30 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.22 04:10:30 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Sandra\Downloads:Shareaza.GUID

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 28.04.2012 22:29:54 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Sandra\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 69,24% Memory free
7,73 Gb Paging File | 6,75 Gb Available in Paging File | 87,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 342,46 Gb Free Space | 75,66% Space Free | Partition Type: NTFS
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DFB7FD-86B1-4650-9204-836292BD0937}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{04844DD8-4D94-4613-9259-69D0DAC8D0F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{06FE666A-33D6-4463-80FE-47DC504E9488}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{19008A0A-FE48-4359-961C-2420EA171323}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B7E87DF-0029-4AAD-8535-9DD184983CAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2542A00C-1C27-4CF0-A02C-707185E65C7D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{27CECCE9-771F-46D8-B812-F74A11F475CE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{374CC9D9-8370-491C-B941-ED62209425F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{38CCDC95-1FFC-4FE7-A98F-C2704768B7CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4FC52700-DF76-4535-AEB1-F0E43DF0F96C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{57102C8F-D853-4751-8081-9B1CE1DC9195}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6F2C8507-CC5E-473A-B5D9-87F84DA841FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{738D763F-04B4-4463-ADAD-5DD94EF3DEC7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{74C30A26-B32C-449A-9B6E-5EA3232D01C3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{860F3874-1125-4766-AEBD-EA7A7D7D288A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{97EEC83D-C743-4AD8-99B3-D7F2A8B315C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A63E7AD-131F-47C7-B1EA-C6AAC2645B28}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A1DBF9F8-CBC7-447E-83C9-831A07EC9FE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC6ABC1C-98AF-4060-B614-F4D95077ABA7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B13A024B-62FD-4C5F-9947-6C38E858F9FC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B29CB510-DB78-462E-91C4-C365D63A5A61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C22054A6-ED2E-4AFC-B316-A5BDEF127767}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3326AA9-46CE-4B7B-9763-C100834B91E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C43C59F3-A52C-457A-AF06-6C70571D1A9D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E44613A3-F057-4730-A360-085FA0420355}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF5F94BF-D206-4D08-83FB-90A87F592055}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5223F75-3499-4353-9054-799104D7590F}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003FB8AB-EB3C-4A43-85D1-7E01ACB0032D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{0462A320-10EF-44F5-A96B-190ACBB332D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{1047783A-044C-40E4-A224-2FB54D279498}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{138FBF3B-9E62-4FF2-ACE2-1AF7EAFE9ED8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{160170BC-B0C6-45C6-8D64-452024485CE4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{163ECE78-CB5D-4FB5-B0EC-B8311B15B66D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{176FA848-C57E-47BF-B123-210A1B704F1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{1D456FF8-9BC6-4B18-A2FE-E0656E9ADBC8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{24DD65C9-19F6-45A5-9247-1B038891C1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{27BDC930-B16F-42A9-8CC1-9AB125E3D771}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{29FE65BA-0DE6-4B76-8307-EADE9A2C360C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E577538-F278-4D74-9AE7-41F08639187C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{4233EECE-9512-4093-B467-B0C4BEC566A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4254C723-DF3D-4C10-9D7D-9FE1BBB201A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{45120918-A843-44E7-B365-89778ADC5D81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4C49E354-18BD-40F2-8139-9D5F487FFD44}" = protocol=6 | dir=out | app=system | 
"{56506F0B-1D98-4ACB-BD33-3BDD0A095BC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{5B80B790-0581-4F91-9F4F-9855D278945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{628B41F4-758A-41B2-8035-5FE4F150063E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{653564B7-18E0-4E2B-80BF-06FC44B1D44C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6A3AE8B1-3FAB-4854-B3E5-7101F4355552}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{6E0231B5-0F9C-409C-ABCE-A8805594E1DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{70B7F53B-1FE0-4231-806E-15A9CE3D668D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{71E33F9D-DE75-41E8-B2F8-C0ECA6165D2F}" = dir=in | app=c:\users\sandra\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{72CC14E9-FB69-4399-BA35-643E4DF15AD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73A224A2-0216-4FE7-A76E-643A48F936E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{78378B62-BA10-4874-B917-0D6037B3C9BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{835E749D-CBA0-4955-8BF0-3F229278615F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{83ECBAE0-33AE-4E4C-9940-3047B03601B3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{8D323A25-BBDC-4EDE-B274-60546AF1D8E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DE402AC-6BDE-4131-9429-8E5D41C6DE41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{9194B49A-0F90-46C8-8BB8-E11CB9480D87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92C193F0-2C8E-4640-A75E-A81872EB0AC0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{9BC39A99-CAB1-4187-A26B-AACAC7E07BF9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{9CAA6D9C-4061-4688-902A-BB87EBDBB910}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{9DAB76A9-96A0-4EAE-9B81-4E834B5D49D3}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{A376BF8A-7710-45D4-88F2-01DE439F2210}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A577A004-4C14-4FBB-BB56-19E285A07863}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{B05E7FA1-151D-4BEF-8FC3-19BC0556D71B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B39CBF5D-619E-4CBB-A490-30A58FBD43C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8E979AF-378F-4818-8EDD-4B2FA3F74164}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C160F878-DBFF-4CDE-9E79-5D02B3EE9A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{C7A07F79-5593-4471-A659-A8C4DA442442}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB4FF92B-2601-48A7-B497-A652A84BE14D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CDCB3A00-4F61-4943-9E77-0821D8A80E48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{D691343E-178F-44D7-89B0-487730E740F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{E12462AF-110C-4D3F-989F-805BD1F86153}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3F5EEAB-EA2C-40B3-AF5B-BD258152F23A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC852D20-860C-42FF-9ED3-ABDE25546459}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{F642FCDE-FC73-4B9B-A891-B880501A120E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{FC691478-B48D-4723-84D1-1E339A27D1F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE3B79D4-FB14-4E5F-A9BF-F79CB9B7CD86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{77B580A9-3704-437B-ACB2-FD0D17A4CB9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{85B264F3-F5CA-4F9E-85CD-49D45FD7E417}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{A660C5E9-026C-4F3E-99B1-76E3A5BAECC2}C:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{CBD8E1F6-73A2-4682-B5B5-44A7A3189B47}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe | 
"TCP Query User{FF0FDF11-FD70-423F-9F1D-4046EFB79975}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{2FF389F7-29EE-408B-8F39-A723BDB1A8C5}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe | 
"UDP Query User{34435128-648E-49BA-98E1-75118489FD15}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{8286FC8E-4D4A-4FC1-888C-9E3D226AE9CF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{930082C9-0F7D-4660-B3FA-65CB7BC26974}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{93ECE8BC-9742-47D0-A967-63FD35E8875C}C:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FB5D5F7-5BDD-4135-86D8-0F664D9F3845}" = EuroTalk Talk Now!
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Aquamarin Haushaltsbuch 2.9.2 b
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die*Sims™*3 Erstelle einen Sim
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a4622ae9-a6a0-4660-af87-65351e0e1d0e}" = Nero 9 Essentials
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B93F248A-3355-45EB-B439-B00455CED6B2}" = NuvaTime
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"EADM" = EA Download Manager
"Efficient Diary_is1" = Efficient Diary 1.98
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GiftBox+" = GiftBox+
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"Searchqu Toolbar" = Searchqu Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

ja ich bin im abgesicherten Modus...

wie deinstalliere ich das? im CCleaner?

edit

im CCleaner lässt sich ask toolbar nicht deinstallieren, folgendes Hinweis Fenster öffnet sich:

Code:

ATTFilter

 Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann Auftretten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an den Support, um weitere Unterstützung zu erhalten.

edit

Zitat:

Ask Toolbar Ask.com
Ask Toolbar Updater Ask.com
Yahoo! Toolbar
Norton Security Scan
Searchqu Toolbar

Norton Security scan, verlangte einen Neustart, den ich auch durchführte. Ich versuchte eben noch einmal im normalen Modus von Windows rein zu kommen. Doch leider öffnet sich immer noch das tolle Fenster. Trojaner scheint nach wie vor noch drauf zu sein.

Die zwei lassen sich auch nach dem Neustart nicht entfernen:
Ask Toolbar Ask.com
Ask Toolbar Updater Ask.com

und ich bin immer noch im Abgesichertem Modus+Netzwerktreibern

kira · 28.04.2012, 23:56

Zitat:

Zitat von Miniemäusche

wie deinstalliere ich das? im CCleaner?

edit

im CCleaner lässt sich ask toolbar nicht deinstallieren, folgendes Hinweis Fenster öffnet sich:

darf ich dich bitten NUR das machen was in der Anweisungen steht?! Wenn ich nicht extra CCleaner erwähnt habe, dann das heißt, über normalen Weg deinstallieren!
Programme deinstalliert man so:

Zitat:

"Start > Systemsteuerung > Programme deinstallieren"

Nach neue Plan bitte nur folgendes machen:

1.
deinstalliere (falls existiert) unter "Start > Systemsteuerung > Programme deinstallieren"

Code:

ATTFilter

Shareaza

die Nutzung der von Filesharing (Filesharing (deutsch "Dateifreigabe" oder "gemeinsamer Dateizugriff", wörtlich "Dateien teilen") )- Plattformen ...

Zitat:

Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!

Selbst wenn du glaubst, dass Du ein „sicheres“ P2P Programm verwendest, nicht mal das Programm selbst sicher, da Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!

Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen!

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht):

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0BE8B3AA-A1FF-479F-A2E3-E6D0E8A9EB62}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000SUDE&apn_uid=AEE9CDC2-CAAA-4C5B-99B2-0A8848586C1E&apn_sauid=745BCDE3-B3DA-4E6C-BFCA-469248EEEE60
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
[2011.04.04 11:48:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\engine@conduit.com
[2012.04.28 06:55:21 | 000,002,519 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6ip7ogna.default\searchplugins\locked-Search_Results.xml.pgrn
[2012.03.29 17:46:53 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.15 08:14:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [1847620C] C:\Users\Sandra\AppData\Roaming\Ynwusjfefdf\D7AE9EFE1847620CE0C6.exe (Pigna colada)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe
[2012.04.28 14:43:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.28 06:59:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.28 06:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001UA.job
[2012.04.28 04:33:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001UA.job
[2012.04.27 16:29:01 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sandra.job
[2012.04.27 13:33:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001Core.job
[2012.04.27 11:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3595052920-396674201-1122903867-1001Core.job
@Alternate Data Stream - 16 bytes -> C:\Users\Sandra\Downloads:Shareaza.GUID

:Files
C:\Users\Sandra\AppData\Roaming\Ynwusjfefdf\D7AE9EFE1847620CE0C6.exe
C:\Users\Sandra\AppData\Roaming\Ynwusjfefdf
ipconfig /flushdns /c
:Commands
[purity]
[REBOOT]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

kannst jetzt im normalen Modus starten?

Miniemäusche · 29.04.2012, 11:22

Hallo Kira, tut mir leid, dass wollte ich nicht!
Ich gelobe verbesserung und fahre nur noch anhand deiner Anweißungen vor.

die zwei Ask Programme lassen sich nach wie vor nicht entfernen.

aber ich konnte alle anderen Programme ganz normal über die Systemsteuerung entfernen. Das mit dem Programm Shareaza, wusste ich nicht! Hier gehen leider mehrere Leute an den Laptop, von daher weiß ich nicht wer der Übeltäter war!
Aber auch dieses Programm hab ich entfernt!

Ich hab dir mal ne neue Textdatei raus gelassen was nun zum aktuellen Zeitpunkt noch für Programme drauf sind:

Code:

ATTFilter

Acrobat.com	Adobe Systems Incorporated	15.09.2010	1,61MB	1.6.65
Adobe AIR	Adobe Systems Inc.	15.09.2010		1.5.0.7220
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	05.05.2011	6,00MB	10.1.102.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.02.2011	6,00MB	10.2.152.26
Adobe Photoshop Elements 8.0	Adobe Systems Incorporated	21.10.2010	1.577MB	8.0
Adobe Reader 9.1 MUI	Adobe Systems Incorporated	15.09.2010	650MB	9.1.0
Ask Toolbar	Ask.com	20.04.2012	4,75MB	1.15.1.0
Ask Toolbar Updater	Ask.com	20.04.2012		1.2.1.22229
Avira AntiVir Personal - Free Antivirus	Avira GmbH	13.02.2012	67,7MB	10.2.0.707
Broadcom Gigabit NetLink Controller	Broadcom Corporation	15.09.2010	0,37MB	12.52.04
CCleaner	Piriform	27.04.2012		3.18
DAEMON Tools Lite	DT Soft Ltd	24.04.2011		4.40.2.0131
Die Sims™ 3	Electronic Arts	25.04.2011		1.19.44
Die Sims™ 3 Design-Garten-Accessoires	Electronic Arts	25.04.2011		7.0.55
Die Sims™ 3 Luxus-Accessoires	Electronic Arts	25.04.2011		3.0.38
Die Sims™ 3 Reiseabenteuer	Electronic Arts	25.04.2011		2.0.86
Die*Sims™*3 Erstelle einen Sim	Electronic Arts	25.04.2011		1.0.25
DivX-Setup	DivX, LLC	14.04.2012		2.6.1.8
Efficient Diary 1.98	Efficient Software	04.09.2011	13,2MB	
EuroTalk Talk Now!	EuroTalk Interactive	16.02.2011	23,7MB	2.4.5.3
Facebook Video Calling 1.2.0.159	Skype Limited	20.03.2012	4,76MB	1.2.159
Free Audio CD Burner version 1.4.8	DVDVideoSoft Limited.	26.05.2011	10,6MB	
Free YouTube to MP3 Converter version 3.10.15.1228	DVDVideoSoft Ltd.	03.01.2012	85,6MB	
GiftBox+	Breakpoint Software Development	07.06.2011		1.0
Google Chrome	Google Inc.	02.02.2011		18.0.1025.162
Google Earth Plug-in	Google	19.04.2012	48,7MB	6.2.2.6613
HP Customer Participation Program 13.0	HP	24.09.2011		13.0
HP Imaging Device Functions 13.0	HP	24.09.2011		13.0
HP Photosmart Essential 3.5	HP	24.09.2011		3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B	HP	24.09.2011		13.0
HP Smart Web Printing 4.51	HP	24.09.2011		4.51
HP Solution Center 13.0	HP	24.09.2011		13.0
HP Update	Hewlett-Packard	24.09.2011	3,73MB	4.000.011.006
Identity Card	Packard Bell	21.10.2010		1.00.3003
iLivid	Bandoo Media Inc	28.03.2012		1.92
Intel(R) Management Engine Components	Intel Corporation	16.09.2010		6.0.0.1179
Intel(R) Rapid Storage Technology	Intel Corporation	16.09.2010		9.6.2.1001
Intel(R) Turbo Boost Technology Driver	Intel Corporation	22.10.2010		01.02.00.1002
Java(TM) 6 Update 22	Oracle	03.02.2011	97,1MB	6.0.220
Java(TM) 6 Update 29	Oracle	13.12.2011	95,0MB	6.0.290
JDownloader	AppWork UG (haftungsbeschränkt)	03.04.2011		
Launch Manager	Packard Bell	21.10.2010		4.0.14
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	27.04.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.02.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	06.02.2011	2,94MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	21.10.2010	6,31MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	15.09.2011		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	15.09.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	16.02.2012	174,2MB	4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	21.10.2010	1,72MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	15.09.2010	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.09.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.09.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft WSE 3.0 Runtime	Microsoft Corp.	24.04.2011	0,92MB	3.0.5305.0
Mozilla Firefox (3.6.25)	Mozilla	25.12.2011		3.6.25 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	05.02.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	05.02.2011	1,33MB	4.20.9876.0
Nero 9 Essentials	Nero AG	15.09.2010		
NuvaTime	Organon Inc.	26.03.2012	1,06MB	1.00.0000
NVIDIA Display Control Panel	NVIDIA Corporation	21.10.2010	135,0MB	6.14.12.5922
NVIDIA Drivers	NVIDIA Corporation	21.10.2010	65,1MB	1.10.62.40
NVIDIA PhysX	NVIDIA Corporation	21.10.2010	80,1MB	9.10.0224
OCR Software by I.R.I.S. 13.0	HP	24.09.2011		13.0
Octoshape Streaming Services	Octoshape ApS	13.05.2011		
OpenOffice.org 3.3	OpenOffice.org	03.02.2011	415MB	3.3.9567
Packard Bell Games	WildTangent	21.10.2010		1.0.1.3
Packard Bell InfoCentre	Packard Bell	21.10.2010		3.02.3000
Packard Bell MyBackup	NewTech Infosystems	15.09.2010	33,3MB	2.0.0.68
Packard Bell Power Management	Packard Bell	21.10.2010		5.00.3005
Packard Bell Recovery Management	Packard Bell	15.09.2010		4.05.3013
Packard Bell Registration	Packard Bell	21.10.2010		1.03.3003
Packard Bell ScreenSaver	Packard Bell 	21.10.2010		1.1.0806.2010
Packard Bell Social Networks	CyberLink Corp.	15.09.2010	25,9MB	1.0.1901
Packard Bell Updater	Packard Bell	15.09.2010		1.02.3001
PhotoScape		10.03.2012		
PowerISO	PowerISO Computing, Inc.	24.04.2011		4.7
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	21.10.2010		6.0.1.6141
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	15.09.2010		6.1.7600.30122
SDFormatter	SD Association	11.05.2011	1,21MB	3.0.0
Shop for HP Supplies	HP	24.09.2011		13.0
Skype™ 5.1	Skype Technologies S.A.	02.02.2011	22,7MB	5.1.112
Synaptics Pointing Device Driver	Synaptics Incorporated	21.10.2010		14.0.19.0
Uninstall 1.0.0.1		26.05.2011	11,2MB	
Video Web Camera	Chicony Electronics Co.,Ltd.	21.10.2010		1.7.137.706
Welcome Center	Packard Bell	21.10.2010		1.02.3004
Windows Live Essentials	Microsoft Corporation	03.02.2011		15.4.3508.1109
Windows Live Sync	Microsoft Corporation	21.10.2010	2,79MB	14.0.8117.416
WinRAR 4.00 (32-Bit)	win.rar GmbH	03.04.2011		4.00.0
Überwachungstool für die Intel® Turbo-Boost-Technik	Intel	21.10.2010	1,13MB	1.0.186.6

Bei Punkt zwei, waren plötzlich zwei neue Textdokumente da, ich poste dir einfach mal bei.

Code:

ATTFilter

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Internet Explorer.lnk=@%windir%\System32\ie4uinit.exe,-734

und das zweite Textdokument:

Code:

ATTFilter

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
User's Guide (Packard Bell InfoCentre).lnk=@C:\Program Files (x86)\Packard Bell\InfoCentre\MUIInfoCentre.dll,-101
Packard Bell Registration.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Enregistrement Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Registrazione Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Registro de Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Registratie.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Registrierung.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Registo Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Registrering af Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Rekisteröinti.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell-registrering.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Registrace Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Εγγραφή.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Regisztráció.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Rejestracja — Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Kayıt.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Înregistrare Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Регистрация Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell ユーザー登録.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell 注册.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell 註冊.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Registreerimine.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Registracija.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Reģistrācija.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell Регистрация.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
การลงทะเบียน Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell تسجيل.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell - Registrácia.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Registracija Packard Bell.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104
Packard Bell 등록.lnk=@C:\Program Files (x86)\Packard Bell\Registration\GlobalRegistrationMUI.dll,-104

nach dem Neustart hab ich OTL noch mal durchgeführt wie angegeben:
Textdatei Extras:

Code:

ATTFilter

OTL Extras logfile created on: 29.04.2012 12:12:14 - Run 2
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Sandra\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 82,55% Memory free
7,73 Gb Paging File | 7,08 Gb Available in Paging File | 91,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 343,44 Gb Free Space | 75,87% Space Free | Partition Type: NTFS
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DFB7FD-86B1-4650-9204-836292BD0937}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{04844DD8-4D94-4613-9259-69D0DAC8D0F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{06FE666A-33D6-4463-80FE-47DC504E9488}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{19008A0A-FE48-4359-961C-2420EA171323}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B7E87DF-0029-4AAD-8535-9DD184983CAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2542A00C-1C27-4CF0-A02C-707185E65C7D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{27CECCE9-771F-46D8-B812-F74A11F475CE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{374CC9D9-8370-491C-B941-ED62209425F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{38CCDC95-1FFC-4FE7-A98F-C2704768B7CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4FC52700-DF76-4535-AEB1-F0E43DF0F96C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{57102C8F-D853-4751-8081-9B1CE1DC9195}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6F2C8507-CC5E-473A-B5D9-87F84DA841FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{738D763F-04B4-4463-ADAD-5DD94EF3DEC7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{74C30A26-B32C-449A-9B6E-5EA3232D01C3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{860F3874-1125-4766-AEBD-EA7A7D7D288A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{97EEC83D-C743-4AD8-99B3-D7F2A8B315C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A63E7AD-131F-47C7-B1EA-C6AAC2645B28}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A1DBF9F8-CBC7-447E-83C9-831A07EC9FE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC6ABC1C-98AF-4060-B614-F4D95077ABA7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B13A024B-62FD-4C5F-9947-6C38E858F9FC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B29CB510-DB78-462E-91C4-C365D63A5A61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C22054A6-ED2E-4AFC-B316-A5BDEF127767}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3326AA9-46CE-4B7B-9763-C100834B91E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C43C59F3-A52C-457A-AF06-6C70571D1A9D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E44613A3-F057-4730-A360-085FA0420355}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF5F94BF-D206-4D08-83FB-90A87F592055}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5223F75-3499-4353-9054-799104D7590F}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003FB8AB-EB3C-4A43-85D1-7E01ACB0032D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{0462A320-10EF-44F5-A96B-190ACBB332D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{1047783A-044C-40E4-A224-2FB54D279498}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{138FBF3B-9E62-4FF2-ACE2-1AF7EAFE9ED8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{160170BC-B0C6-45C6-8D64-452024485CE4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{163ECE78-CB5D-4FB5-B0EC-B8311B15B66D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{176FA848-C57E-47BF-B123-210A1B704F1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{1D456FF8-9BC6-4B18-A2FE-E0656E9ADBC8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{27BDC930-B16F-42A9-8CC1-9AB125E3D771}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{29FE65BA-0DE6-4B76-8307-EADE9A2C360C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E577538-F278-4D74-9AE7-41F08639187C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{4233EECE-9512-4093-B467-B0C4BEC566A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4254C723-DF3D-4C10-9D7D-9FE1BBB201A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{45120918-A843-44E7-B365-89778ADC5D81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4C49E354-18BD-40F2-8139-9D5F487FFD44}" = protocol=6 | dir=out | app=system | 
"{56506F0B-1D98-4ACB-BD33-3BDD0A095BC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{5B80B790-0581-4F91-9F4F-9855D278945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{628B41F4-758A-41B2-8035-5FE4F150063E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{653564B7-18E0-4E2B-80BF-06FC44B1D44C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6A3AE8B1-3FAB-4854-B3E5-7101F4355552}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{6E0231B5-0F9C-409C-ABCE-A8805594E1DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{70B7F53B-1FE0-4231-806E-15A9CE3D668D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{71E33F9D-DE75-41E8-B2F8-C0ECA6165D2F}" = dir=in | app=c:\users\sandra\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{72CC14E9-FB69-4399-BA35-643E4DF15AD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73A224A2-0216-4FE7-A76E-643A48F936E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{78378B62-BA10-4874-B917-0D6037B3C9BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{835E749D-CBA0-4955-8BF0-3F229278615F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{83ECBAE0-33AE-4E4C-9940-3047B03601B3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{8D323A25-BBDC-4EDE-B274-60546AF1D8E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DE402AC-6BDE-4131-9429-8E5D41C6DE41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{9194B49A-0F90-46C8-8BB8-E11CB9480D87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92C193F0-2C8E-4640-A75E-A81872EB0AC0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{9BC39A99-CAB1-4187-A26B-AACAC7E07BF9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{9CAA6D9C-4061-4688-902A-BB87EBDBB910}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{9DAB76A9-96A0-4EAE-9B81-4E834B5D49D3}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{A376BF8A-7710-45D4-88F2-01DE439F2210}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A577A004-4C14-4FBB-BB56-19E285A07863}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{B05E7FA1-151D-4BEF-8FC3-19BC0556D71B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B39CBF5D-619E-4CBB-A490-30A58FBD43C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8E979AF-378F-4818-8EDD-4B2FA3F74164}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C7A07F79-5593-4471-A659-A8C4DA442442}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB4FF92B-2601-48A7-B497-A652A84BE14D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CDCB3A00-4F61-4943-9E77-0821D8A80E48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{D691343E-178F-44D7-89B0-487730E740F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{E12462AF-110C-4D3F-989F-805BD1F86153}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3F5EEAB-EA2C-40B3-AF5B-BD258152F23A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC852D20-860C-42FF-9ED3-ABDE25546459}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{F642FCDE-FC73-4B9B-A891-B880501A120E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{FC691478-B48D-4723-84D1-1E339A27D1F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE3B79D4-FB14-4E5F-A9BF-F79CB9B7CD86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{77B580A9-3704-437B-ACB2-FD0D17A4CB9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{85B264F3-F5CA-4F9E-85CD-49D45FD7E417}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{A660C5E9-026C-4F3E-99B1-76E3A5BAECC2}C:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{CBD8E1F6-73A2-4682-B5B5-44A7A3189B47}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe | 
"TCP Query User{FF0FDF11-FD70-423F-9F1D-4046EFB79975}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{2FF389F7-29EE-408B-8F39-A723BDB1A8C5}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe | 
"UDP Query User{34435128-648E-49BA-98E1-75118489FD15}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{8286FC8E-4D4A-4FC1-888C-9E3D226AE9CF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{930082C9-0F7D-4660-B3FA-65CB7BC26974}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{93ECE8BC-9742-47D0-A967-63FD35E8875C}C:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\sandra\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FB5D5F7-5BDD-4135-86D8-0F664D9F3845}" = EuroTalk Talk Now!
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die*Sims™*3 Erstelle einen Sim
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a4622ae9-a6a0-4660-af87-65351e0e1d0e}" = Nero 9 Essentials
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B93F248A-3355-45EB-B439-B00455CED6B2}" = NuvaTime
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Efficient Diary_is1" = Efficient Diary 1.98
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GiftBox+" = GiftBox+
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

und Textdolument OTL:

Code:

ATTFilter

OTL logfile created on: 29.04.2012 12:12:14 - Run 2
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Sandra\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 82,55% Memory free
7,73 Gb Paging File | 7,08 Gb Available in Paging File | 91,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 343,44 Gb Free Space | 75,87% Space Free | Partition Type: NTFS
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.28 14:55:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 09:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012.04.12 09:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012.04.12 09:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012.04.12 09:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012.04.12 09:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.29 03:37:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 03:19:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.22 04:24:22 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.29 03:37:24 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 03:37:24 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.04.25 18:15:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.21 21:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.21 12:36:30 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010.03.21 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js - File not found
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Sandra\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sandra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.25 11:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.15 19:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.26 13:31:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.26 13:31:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.25 11:17:31 | 000,000,000 | ---D | M]
 
[2012.04.28 06:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2012.04.28 23:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions
[2012.04.28 06:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.28 06:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.28 06:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\6ip7ogna.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.04.28 23:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.04 17:39:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.04 16:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.07 20:56:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.31 14:26:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.14 15:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.04.15 19:24:51 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.09.25 11:17:31 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6IP7OGNA.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\SANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6IP7OGNA.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.12.14 15:43:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 08:14:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 08:14:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 08:14:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 08:14:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=164&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Sandra\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sandra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Glow = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0\locked-.cmcc
CHR - Extension: YouTube = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\locked-.kcpl
CHR - Extension: Google-Suche = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\locked-.rsrs
CHR - Extension: PAYBACK Toolbar f\u00FCr Google Chrome = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dakmcddjdjakenhpbpnjhjiekppibiep\1.0.0.16_0\locked-.uzri
CHR - Extension: Stylish = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.8_0\locked-.chby
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.zzzr
CHR - Extension: Google Mail = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\locked-.kesp
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EfficientDiary]  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Sandra\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65C364B0-A726-44C0-91B4-4D9D4CAA4307}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C207321A-ADB5-467F-9E61-A91E16F1FD05}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.29 12:08:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{E30B0A3B-C34F-42F1-ABFE-115328AAA676}
[2012.04.29 12:07:54 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{B579CAC8-4232-4DDB-AA7C-5EE01DBCEB17}
[2012.04.29 12:05:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.28 20:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Verschlüsselte Dateien
[2012.04.28 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\neue Dateien
[2012.04.28 14:55:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012.04.28 14:44:32 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{83130ED1-9B30-4346-B0ED-5F0FCB900532}
[2012.04.28 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2012.04.28 07:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.28 07:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 07:39:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.28 07:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.28 07:22:19 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{AE168578-03D2-4A36-A627-B721718DAAA1}
[2012.04.28 07:22:08 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{F3708C86-02A9-4B8B-BFD8-3FECD5C92692}
[2012.04.28 07:03:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{FF7265CB-3D45-4961-9959-2FF035DD9B47}
[2012.04.28 07:03:13 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{4CA7F6B0-2646-4AA6-92A6-07498036116B}
[2012.04.24 10:22:47 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\nageldesign fotos
[2012.04.20 22:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.04.17 14:43:21 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\EBAY
[2012.04.13 03:32:33 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\{0ACDB19C-13E7-4C0D-8F26-70651F143FF2}
[2012.04.13 03:05:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.13 03:05:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.13 03:05:18 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.13 03:05:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.13 03:05:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.13 03:05:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.13 03:05:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.13 03:05:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.13 03:05:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.13 03:05:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.13 03:05:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.13 03:04:58 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.13 03:04:57 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.13 03:04:57 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.13 03:01:09 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.13 03:01:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.13 03:01:01 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.10 21:44:25 | 000,000,000 | ---D | C] -- C:\Users\Sandra\.jordan
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.29 12:15:25 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.29 12:15:25 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.29 12:15:25 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.29 12:15:25 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.29 12:15:25 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.29 12:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.29 12:09:09 | 3113,250,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.28 21:42:08 | 000,606,208 | ---- | M] () -- C:\Users\Sandra\Documents\MyDiary.edf
[2012.04.28 21:32:03 | 000,004,096 | ---- | M] () -- C:\decrypt.key
[2012.04.28 21:27:22 | 000,004,096 | ---- | M] () -- C:\Users\Sandra\Desktop\decrypt.key
[2012.04.28 20:28:05 | 000,595,284 | ---- | M] () -- C:\Users\Sandra\Desktop\Hydrangeas.jpg
[2012.04.28 15:02:27 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.28 14:55:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012.04.28 14:54:47 | 000,017,202 | ---- | M] () -- C:\Users\Sandra\Desktop\DecryptHelper-0.5.jar
[2012.04.28 07:39:09 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.28 07:23:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.28 07:23:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.28 06:57:41 | 000,606,208 | ---- | M] () -- C:\Users\Sandra\Documents\locked-MyDiary.edf.ptpf
[2012.04.28 06:53:35 | 000,595,284 | ---- | M] () -- C:\Users\Sandra\Desktop\locked-Hydrangeas.jpg.eetn
[2012.04.13 19:57:33 | 000,002,415 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.28 21:42:07 | 000,606,208 | ---- | C] () -- C:\Users\Sandra\Documents\MyDiary.edf
[2012.04.28 21:32:03 | 000,004,096 | ---- | C] () -- C:\decrypt.key
[2012.04.28 20:31:26 | 000,004,096 | ---- | C] () -- C:\Users\Sandra\Desktop\decrypt.key
[2012.04.28 20:30:41 | 000,595,284 | ---- | C] () -- C:\Users\Sandra\Desktop\locked-Hydrangeas.jpg.eetn
[2012.04.28 20:28:07 | 000,595,284 | ---- | C] () -- C:\Users\Sandra\Desktop\Hydrangeas.jpg
[2012.04.28 14:57:25 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.28 14:54:46 | 000,017,202 | ---- | C] () -- C:\Users\Sandra\Desktop\DecryptHelper-0.5.jar
[2012.04.28 07:39:09 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.09.25 11:12:34 | 000,245,541 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.09.25 11:12:34 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.09.16 18:19:02 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.06 21:07:00 | 000,000,128 | ---- | C] () -- C:\Windows\wininit.ini
[2011.02.03 18:16:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.03 17:36:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.22 04:10:30 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.22 04:10:30 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
 
========== LOP Check ==========
 
[2012.04.28 06:54:46 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Aquamarin Haushaltsbuch
[2012.04.28 06:54:46 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite
[2012.01.04 01:37:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DVDVideoSoft
[2012.04.28 06:54:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Efficient Diary
[2011.02.17 18:44:17 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\EuroTalk
[2011.09.05 09:46:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GetRightToGo
[2011.08.16 09:24:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GiftBoxPlus
[2011.05.14 20:54:17 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Octoshape
[2011.02.04 17:42:55 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org
[2012.04.28 06:55:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PhotoScape
[2011.08.16 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Shareaza
[2011.03.20 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SNS
[2012.04.28 06:59:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SoftGrid Client
[2012.04.28 06:55:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\stickies
[2011.09.16 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TP
[2011.07.04 16:56:21 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Windows Live Writer
[2011.04.15 06:30:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\yWorks
[2009.07.14 07:08:49 | 000,024,808 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Sandra\Downloads:Shareaza.GUID

< End of report >

jetzt mach ich erst mal einen Neustart und berichte Dir gleich alles weitere.

Danke nochmals für Deine Geduld und vorallem für deine Hilfe

Windows Verschlüsselungs Trojaner über Email

Log-Analyse und Auswertung: Windows Verschlüsselungs Trojaner über Email