Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 03.09.2012, 11:59   #1
MrsSoundso
 
Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt! - Ausrufezeichen

Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt!



Ich habe gestern (um eine Anleitung zur Entfernung des Trojaners im Internet zu befolgen)versucht, im abgesicherten Eingabemodus den Pfad zur eigentlichen Schadsoftware zu finden, diese hieß jedoch schon "explorer.exe". Nun kann ich nicht mehr nach dieser Anleitung vorgehen und bräuchte dringend Hilfe!!



Malware-Bytes Anti-Malware Log:

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\xy\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\xy\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xy\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xy\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3736949601-474418939-1212209564-1000\$RSSE0VU.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OTL Log:OTL Logfile:

Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,94% Memory free
6,18 Gb Paging File | 5,85 Gb Available in Paging File | 94,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,94 Gb Total Space | 130,78 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS


Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FAService) -- C:\Programme\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (zlportio) -- C:\Program Files\UltraStar Deluxe\zlportio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EraserUtilDrvI10) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (FACAP) -- C:\Windows\System32\drivers\facap.sys (Sensible Vision )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RLDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\livecamv.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081217
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081217
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca65a24700000000000000ff7ec76c54
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ca65a24700000000000000ff7ec76c54
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{C478A7D0-AA47-4EC3-B0E1-7AA61F8E1343}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DADE_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.10.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.08.26 12:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 17:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.30 17:15:04 | 000,000,000 | ---D | M]

[2009.01.24 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions
[2010.04.29 20:43:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.30 17:16:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.25 23:53:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.09 13:40:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\moveplayer@movenetworks.com
[2012.08.27 11:56:46 | 000,000,931 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\x860lk98.default\searchplugins\conduit.xml
[2012.08.30 17:16:12 | 000,005,212 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\x860lk98.default\searchplugins\ecosia.xml
[2012.08.30 17:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.18 16:47:42 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2012.08.30 17:15:53 | 000,017,696 | ---- | M] () (No name found) -- C:\USERS\xy\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X860LK98.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
[2012.08.30 17:15:56 | 000,395,892 | ---- | M] () (No name found) -- C:\USERS\xy\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X860LK98.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.08.30 17:15:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 23:58:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.30 17:14:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.20 15:25:23 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 17:14:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.30 17:14:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.30 17:14:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.30 17:14:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.30 17:14:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Google Mail = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Programme\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Programme\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\xy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [TaskSchdPS] C:\Users\xy\AppData\Local\Microsoft\Windows\3760\TaskSchdPS.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\xy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AA750D-8BDF-43C6-9C83-56F206ADA241}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF1AB3D0-605A-46CD-9BBF-CB6A0966BFA0}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll) - C:\Programme\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.26 21:09:58 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{366a7068-dc44-11df-a315-002268e1697c}\Shell\AutoRun\command - "" = xcr.exe
O33 - MountPoints2\{366a7068-dc44-11df-a315-002268e1697c}\Shell\open\Command - "" = xcr.exe
O33 - MountPoints2\{6ecf9408-8dd5-11df-a0e3-002268e1697c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.01 21:02:07 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012.09.01 16:50:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\hellomoto
[2012.08.30 17:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.30 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.27 22:14:02 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\bgb übung fortgeschrittene
[2012.08.20 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\billabong
[2009.01.23 12:56:12 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\xy\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.02 16:56:21 | 000,000,000 | ---- | M] () -- C:\Users\xy\defogger_reenable
[2012.09.02 16:55:23 | 000,050,477 | ---- | M] () -- C:\Users\xy\Desktop\Defogger.exe
[2012.09.02 13:13:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 13:13:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 06:33:31 | 000,007,620 | ---- | M] () -- C:\Users\xy\AppData\Local\d3d9caps.dat
[2012.09.02 06:16:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.02 06:13:55 | 000,279,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.01 21:02:09 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012.09.01 17:48:01 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.01 17:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.01 02:57:02 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000UA.job
[2012.08.31 23:57:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000Core.job
[2012.08.27 19:53:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 19:53:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 19:53:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 19:53:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.26 12:17:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.26 00:54:22 | 000,076,800 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.08.22 05:50:48 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.02 16:56:21 | 000,000,000 | ---- | C] () -- C:\Users\xy\defogger_reenable
[2012.09.02 16:55:40 | 000,050,477 | ---- | C] () -- C:\Users\xy\Desktop\Defogger.exe
[2012.08.30 17:15:05 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.29 22:15:51 | 000,001,459 | ---- | C] () -- C:\Users\xy\.recently-used.xbel
[2011.09.02 05:37:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2010.07.06 10:43:32 | 000,028,915 | ---- | C] () -- C:\Users\xy\AppData\Roaming\UserTile.png
[2009.11.23 23:02:31 | 000,000,016 | ---- | C] () -- C:\Users\xy\persistent_state
[2009.09.09 00:40:08 | 000,000,045 | ---- | C] () -- C:\Users\xy\.gtk-bookmarks
[2009.09.07 00:23:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.10 15:23:31 | 000,007,620 | ---- | C] () -- C:\Users\xy\AppData\Local\d3d9caps.dat
[2008.12.25 01:00:51 | 000,076,800 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012.04.20 15:25:14 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Babylon
[2010.12.12 19:50:18 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.03.31 13:38:19 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\DesktopIconForAmazon
[2012.08.27 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\DVDVideoSoft
[2011.01.25 23:53:17 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.15 01:44:45 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Feedreader
[2012.05.29 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\gtk-2.0
[2012.09.01 16:50:13 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\hellomoto
[2012.08.25 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\ICQ
[2011.01.03 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\OCS
[2010.12.12 19:54:37 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Opera
[2009.10.12 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Patches
[2011.01.13 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\PC-FAX TX
[2010.11.26 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\PCDr
[2010.07.06 10:43:31 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\PeerNetworking
[2009.02.22 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\QIP
[2010.02.04 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\ScanSoft
[2009.01.22 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\TeamViewer
[2010.12.04 02:45:01 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\TuneUp Software
[2012.08.31 23:57:03 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000Core.job
[2012.09.01 02:57:02 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000UA.job
[2012.09.01 17:48:01 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

--- --- ---

--- --- ---
xy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,94% Memory free
6,18 Gb Paging File | 5,85 Gb Available in Paging File | 94,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,94 Gb Total Space | 130,78 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS


Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FAService) -- C:\Programme\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (zlportio) -- C:\Program Files\UltraStar Deluxe\zlportio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EraserUtilDrvI10) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (FACAP) -- C:\Windows\System32\drivers\facap.sys (Sensible Vision )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RLDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\livecamv.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081217
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081217
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=ca65a24700000000000000ff7ec76c54
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ca65a24700000000000000ff7ec76c54
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{C478A7D0-AA47-4EC3-B0E1-7AA61F8E1343}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DADE_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.10.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.08.26 12:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 17:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.30 17:15:04 | 000,000,000 | ---D | M]

[2009.01.24 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions
[2010.04.29 20:43:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.30 17:16:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.25 23:53:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.09 13:40:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\x860lk98.default\extensions\moveplayer@movenetworks.com
[2012.08.27 11:56:46 | 000,000,931 | ---- | M] () -- C:\Usersxy\AppData\Roaming\Mozilla\Firefox\Profiles\x860lk98.default\searchplugins\conduit.xml
[2012.08.30 17:16:12 | 000,005,212 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\x860lk98.default\searchplugins\ecosia.xml
[2012.08.30 17:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.18 16:47:42 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2012.08.30 17:15:53 | 000,017,696 | ---- | M] () (No name found) -- C:\USERS\xy\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X860LK98.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
[2012.08.30 17:15:56 | 000,395,892 | ---- | M] () (No name found) -- C:\USERS\xy\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X860LK98.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.08.30 17:15:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 23:58:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.30 17:14:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.20 15:25:23 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 17:14:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.30 17:14:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.30 17:14:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.30 17:14:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.30 17:14:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google riginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\F\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Google Mail = C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Programme\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Programme\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\xy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [TaskSchdPS] C:\Users\xy\AppData\Local\Microsoft\Windows\3760\TaskSchdPS.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\xy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AA750D-8BDF-43C6-9C83-56F206ADA241}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF1AB3D0-605A-46CD-9BBF-CB6A0966BFA0}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll) - C:\Programme\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.26 21:09:58 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{366a7068-dc44-11df-a315-002268e1697c}\Shell\AutoRun\command - "" = xcr.exe
O33 - MountPoints2\{366a7068-dc44-11df-a315-002268e1697c}\Shell\open\Command - "" = xcr.exe
O33 - MountPoints2\{6ecf9408-8dd5-11df-a0e3-002268e1697c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.01 21:02:07 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012.09.01 16:50:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\hellomoto
[2012.08.30 17:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.30 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.27 22:14:02 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\bgb übung fortgeschrittene
[2012.08.20 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\billabong
[2009.01.23 12:56:12 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\xy\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.02 16:56:21 | 000,000,000 | ---- | M] () -- C:\Users\xy\defogger_reenable
[2012.09.02 16:55:23 | 000,050,477 | ---- | M] () -- C:\Users\xy\Desktop\Defogger.exe
[2012.09.02 13:13:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 13:13:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 06:33:31 | 000,007,620 | ---- | M] () -- C:\Users\xy\AppData\Local\d3d9caps.dat
[2012.09.02 06:16:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.02 06:13:55 | 000,279,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.01 21:02:09 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012.09.01 17:48:01 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.01 17:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.01 02:57:02 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000UA.job
[2012.08.31 23:57:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000Core.job
[2012.08.27 19:53:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 19:53:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 19:53:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 19:53:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.26 12:17:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.26 00:54:22 | 000,076,800 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.08.22 05:50:48 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.02 16:56:21 | 000,000,000 | ---- | C] () -- C:\Users\xy\defogger_reenable
[2012.09.02 16:55:40 | 000,050,477 | ---- | C] () -- C:\Users\xyDesktop\Defogger.exe
[2012.08.30 17:15:05 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.29 22:15:51 | 000,001,459 | ---- | C] () -- C:\Users\xy\.recently-used.xbel
[2011.09.02 05:37:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2010.07.06 10:43:32 | 000,028,915 | ---- | C] () -- C:\Users/xy\AppData\Roaming\UserTile.png
[2009.11.23 23:02:31 | 000,000,016 | ---- | C] () -- C:\Users\xy\persistent_state
[2009.09.09 00:40:08 | 000,000,045 | ---- | C] () -- C:\Users\xy\.gtk-bookmarks
[2009.09.07 00:23:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.10 15:23:31 | 000,007,620 | ---- | C] () -- C:\Users\xy\AppData\Local\d3d9caps.dat
[2008.12.25 01:00:51 | 000,076,800 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012.04.20 15:25:14 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Babylon
[2010.12.12 19:50:18 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.03.31 13:38:19 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\DesktopIconForAmazon
[2012.08.27 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\DVDVideoSoft
[2011.01.25 23:53:17 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.15 01:44:45 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Feedreader
[2012.05.29 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\gtk-2.0
[2012.09.01 16:50:13 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\hellomoto
[2012.08.25 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\ICQ
[2011.01.03 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\OCS
[2010.12.12 19:54:37 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Opera
[2009.10.12 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\Patches
[2011.01.13 14:14:08 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\PC-FAX TX
[2010.11.26 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\PCDr
[2010.07.06 10:43:31 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\PeerNetworking
[2009.02.22 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\QIP
[2010.02.04 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\ScanSoft
[2009.01.22 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\TeamViewer
[2010.12.04 02:45:01 | 000,000,000 | ---D | M] -- C:\Users\xy\AppData\Roaming\TuneUp Software
[2012.08.31 23:57:03 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000Core.job
[2012.09.01 02:57:02 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3736949601-474418939-1212209564-1000UA.job
[2012.09.01 17:48:01 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 

Themen zu Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt!
antivirus, autorun, avast, babylon toolbar, babylontoolbar, bho, bonjour, converter, defender, desktop, dringend, error, firefox, format, google earth, helper, internet, limited.com/facebook, log, logfile, mp3, plug-in, programme, pup.bundleinstaller.vg, recycle.bin, registry, scan, search the web, symantec, vista, windows, yahoo




Ähnliche Themen: Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt!


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. Windows 8 / IE 10.0.9 : alte "dieStartseite" ist gegen "sm.de" - die Suchmaschine getauscht-Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (1)
  3. "Schweizer-Eidgenossenschafts-Trojaner" (dem "Bundestrojaner" sehr ähnlich)
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (12)
  4. auswertung Logdatei des Trojaner "der Computer ist für die Verletzung der Gesetze der Bundesrepublik deutschland wurde Blockert" Ukash
    Log-Analyse und Auswertung - 03.10.2012 (13)
  5. Verschlüsselungs-Trojaner "Der Computer ist für die Verletzung der Gesetze der BRD wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (14)
  6. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (11)
  7. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (19)
  8. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde gesperrt."
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (2)
  9. "der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (2)
  10. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (38)
  11. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (8)
  12. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 08.08.2012 (5)
  13. BKA Trojaner neue Variante "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik..."
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (2)
  14. Tumblr spielt Audiodatei nicht ab- "Flash 9 wird benötigt"
    Log-Analyse und Auswertung - 06.02.2012 (1)
  15. Firefox benötigt ewig um die Seiten zu laden ("Skript ist beschädigt"...)
    Plagegeister aller Art und deren Bekämpfung - 23.08.2011 (5)
  16. Hilfe bei Such nach "Win32/TrojanDownloader.Swizzor Trojaner" benötigt
    Log-Analyse und Auswertung - 27.02.2006 (2)
  17. Hilfe für "TR/Click.Libie.C" benötigt
    Plagegeister aller Art und deren Bekämpfung - 01.02.2005 (1)

Zum Thema Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt! - Ich habe gestern (um eine Anleitung zur Entfernung des Trojaners im Internet zu befolgen)versucht, im abgesicherten Eingabemodus den Pfad zur eigentlichen Schadsoftware zu finden, diese hieß jedoch schon "explorer.exe". Nun - Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt!...
Archiv
Du betrachtest: Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.