Antivirus programs hang, Incredibar was reported
Hello,
my antivirus always hangs (at about 4%), and always on the same file: c:\users\dörte\appdata\local\microsoft\windows\temporary Internet files\...\utm[3].gif. Then I tried to run a scan with Malwarebytes. But I aborted it after 7 hours, because apparently the same files were being scanned over and over again. I am posting the log up to that point below. A few days ago Spybot reported Incredibar. I am posting the log for that as well.
Malwarebytes: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.04.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Dörte :: SAMSI [Administrator]
04.05.2013 11:23:44
mbam-log-2013-05-04 (11-23-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 583072
Laufzeit: 7 Stunde(n), 51 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1184 -> Löschen bei Neustart.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
(Ende)
Spybot: Code:
Search results from Spybot - Search & Destroy
01.05.2013 21:46:02
Scan took 00:27:55.
139 items found.
IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject
IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
IncrediBar: [SBI $4A0F744C] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Browser helper object (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
IncrediBar: [SBI $4A0F744C] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Browser helper object (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject
IncrediBar: [SBI $418BC215] Library (File, nothing done)
C:\Program Files\Web Assistant\Extension32.dll
Properties.size=170840
Properties.md5=EED3815E5FD1F81C4CACF9E1A90BE9A7
Properties.filedate=1353420540
Properties.filedatetext=2012-11-20 16:09:00
Log: [SBI $8E73A7FB] Install: Directx.log (File, nothing done)
C:\Windows\Directx.log
Properties.size=29401
Properties.md5=4385B2FBFDFB357D9B9E49B70C321FA4
Properties.filedate=1294479101
Properties.filedatetext=2011-01-08 11:31:41
Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=158166
Properties.md5=353C253EEEA411971FF928D8D4024CDF
Properties.filedate=1367433237
Properties.filedatetext=2013-05-01 20:33:56
Log: [SBI $8E73A7FB] Install: DtcInstall.log (File, nothing done)
C:\Windows\DtcInstall.log
Properties.size=3549
Properties.md5=5433445639697F48A82BFBCC343734CA
Properties.filedate=1294374908
Properties.filedatetext=2011-01-07 06:35:07
7-Zip: [SBI $B0066D4E] Compressed archives history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\Compression\ArcHistory
7-Zip: [SBI $0D2606FE] Extracted archives history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\Extraction\PathHistory
7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\FM\FolderHistory
7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\7-ZIP\FM\PanelPath0
Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\Download Directory
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (70) (Browser: Cache, nothing done)
--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---
2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-05-01 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
So, at least OTL worked: Code:
OTL Extras logfile created on: 5/4/2013 6:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dörte\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.54% Memory free
5.93 Gb Paging File | 4.05 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.37 Gb Total Space | 24.42 Gb Free Space | 9.68% Space Free | Partition Type: NTFS
Drive D: | 198.29 Gb Total Space | 100.08 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
Computer Name: SAMSI | User Name: Dörte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01194C1D-292E-46F9-BAB6-E0A35DEB3751}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{028F8307-31C0-4E5B-A806-E2C2338A7C6B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1710171A-6647-4D88-926D-0B779F943962}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1991CB25-24E9-4073-8AEC-CA144F953DCC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A76A187-0697-4569-9942-586AB4859517}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25C22034-280E-485F-ADAA-BFFB0F208595}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3542FEFD-A9B6-4D1E-B72A-6561E5D3D9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{550ACDBE-76AC-4605-A107-D867DF3771E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59168365-5F22-4AC1-A394-01DC8A80496A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{5DFD2BF3-7B29-4BF3-904B-C183BCF38FBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61D2F1F1-AF79-4E6B-9B6F-CC6242768A3B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system |
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A4EEF89-E1C1-430B-A4DC-F1C58476920D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B2DF7E61-63B6-4795-94DF-FB2B6626980F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system |
"{D66F0F4F-6C5B-4389-9B1A-9D8C27BAF9E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system |
"{E33B5616-454E-40DF-8078-BD366719E5DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E8FE4C-57CA-4C1F-8D9F-B6F300E3C70F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{12D73CF3-8AF9-44B1-9B21-419948D8E438}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{141BC40F-9E33-42D4-B84D-6343CAADD4BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D916C1B-2732-4C1A-9205-51E89BC9FFDE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EE92CE8-1640-474B-BBED-8ADBD2463BB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24AA9404-17B8-4E6D-82A8-07F0479B2005}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29EB38E5-6CB4-4C9C-AD9D-0DE53355403D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A4561A4-34CC-40AB-8AEA-F141933F9E3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F965A48-43A5-4858-814F-F121E6552444}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{341704E6-BDC6-4251-9C06-D9DB98FDDFB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4DB125B5-3FB6-4222-AB4C-C5FA6D75560E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FCDA1DE-4CB7-4661-8C29-B2C16377598F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4FFC7C22-3D7C-4464-84CD-D6066FB6767A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77B17CE6-2F95-417C-9C32-2F0EF9116530}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9C94BCB3-724D-4018-A0F1-5A4E5B884630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A63146B7-C2BB-4E23-8D62-A5C0B047F338}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0F2EA4D-134B-49D9-8EC5-FAF983A74106}" = protocol=6 | dir=out | app=system |
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D2CD92F2-8FA6-4CF8-A6C4-3A60941BB1D2}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{EAB5CDA9-455F-4155-A4A0-C07E5CF05087}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F36D7888-15D9-4B44-927D-F33CE5672FD7}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{F57F4C97-9995-4D31-A048-1D8FEA420475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{AF799A05-2A41-4C4B-B7B4-1064A41895E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FABAF02A-8220-4C8C-AADF-0500DC481311}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.550
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.1.0
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10.305
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"GIMP-2_is1" = GIMP 2.8.0
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mein Königreich für die Prinzessin" = Mein Königreich für die Prinzessin
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Retter in der Not" = Retter in der Not
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.3.0.9
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/3/2013 10:52:20 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x13ce2074 ID des fehlerhaften
Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 0dc284cc-b401-11e2-b59e-00245423bff1
Error - 5/3/2013 10:52:41 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x13cb301a ID des fehlerhaften
Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 1a954cce-b401-11e2-b59e-00245423bff1
Error - 5/3/2013 10:52:46 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x13cc9fa7 ID des fehlerhaften
Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 1d1fa1a2-b401-11e2-b59e-00245423bff1
Error - 5/3/2013 10:52:47 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x13cca671 ID des fehlerhaften
Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 1e2c2fbb-b401-11e2-b59e-00245423bff1
Error - 5/3/2013 10:52:50 AM | Computer Name = Samsi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x13d070e2 ID des fehlerhaften
Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0x01ce480a8ba13c44 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 1fd7bd0e-b401-11e2-b59e-00245423bff1
Error - 5/3/2013 11:17:20 AM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16537 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1bc8 Startzeit: 01ce480f9010cab4 Endzeit: 250 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 5/3/2013 11:40:33 AM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1488 Startzeit:
01ce4809ead15fa7 Endzeit: 60000 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe
Berichts-ID:
9ffff7e7-b407-11e2-b59e-00245423bff1
Error - 5/3/2013 12:03:24 PM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13ac Startzeit:
01ce4815c63a06dd Endzeit: 60000 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe
Berichts-ID:
d15d1e87-b40a-11e2-a4cd-00245423bff1
Error - 5/4/2013 8:08:07 AM | Computer Name = Samsi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/04 14:08:07.632]: [00003536]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.178.20]
Error - 5/4/2013 10:21:21 AM | Computer Name = Samsi | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16cc Startzeit:
01ce48a188d88e36 Endzeit: 60000 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe
Berichts-ID:
ba04bc23-b4c5-11e2-b9ea-00245423bff1
[ Media Center Events ]
Error - 12/2/2009 5:20:20 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 6:20:15 PM - Error connecting to the internet. 6:20:15 PM - Unable
to contact server..
Error - 12/2/2009 6:22:12 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 7:22:11 PM - Error connecting to the internet. 7:22:12 PM - Unable
to contact server..
Error - 12/2/2009 6:22:22 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 7:22:17 PM - Error connecting to the internet. 7:22:17 PM - Unable
to contact server..
Error - 12/3/2009 3:52:35 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 4:52:35 PM - Error connecting to the internet. 4:52:35 PM - Unable
to contact server..
Error - 12/3/2009 3:52:45 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 4:52:40 PM - Error connecting to the internet. 4:52:40 PM - Unable
to contact server..
Error - 12/3/2009 7:44:47 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:44:47 PM - Error connecting to the internet. 8:44:47 PM - Unable
to contact server..
Error - 12/3/2009 7:44:57 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:44:52 PM - Error connecting to the internet. 8:44:52 PM - Unable
to contact server..
Error - 12/17/2009 7:32:56 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:32:55 PM - Error connecting to the internet. 8:32:55 PM - Unable
to contact server..
Error - 12/17/2009 7:33:05 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:33:01 PM - Error connecting to the internet. 8:33:01 PM - Unable
to contact server..
Error - 1/6/2011 8:28:26 PM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 9:28:23 AM - Fehler beim Herstellen der Internetverbindung. 9:28:23
AM - Serververbindung konnte nicht hergestellt werden..
[ Spybot - Search and Destroy Events ]
Error - 5/1/2013 3:46:47 PM | Computer Name = Samsi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 5/1/2013 4:58:49 PM | Computer Name = Samsi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 5/2/2013 11:20:52 AM | Computer Name = Samsi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 5/1/2013 3:29:02 PM | Computer Name = Samsi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 5/1/2013 3:29:02 PM | Computer Name = Samsi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 5/1/2013 4:27:07 PM | Computer Name = Samsi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 5/1/2013 4:27:09 PM | Computer Name = Samsi | Source = DCOM | ID = 10005
Description =
Error - 5/1/2013 4:27:09 PM | Computer Name = Samsi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 5/1/2013 5:03:07 PM | Computer Name = Samsi | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 5/2/2013 10:37:41 AM | Computer Name = Samsi | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 5/3/2013 11:54:02 AM | Computer Name = Samsi | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 5/4/2013 11:08:52 AM | Computer Name = Samsi | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error - 5/4/2013 11:08:52 AM | Computer Name = Samsi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
< End of report >
Code:
OTL logfile created on: 5/4/2013 6:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dörte\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.54% Memory free
5.93 Gb Paging File | 4.05 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.37 Gb Total Space | 24.42 Gb Free Space | 9.68% Space Free | Partition Type: NTFS
Drive D: | 198.29 Gb Total Space | 100.08 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
Computer Name: SAMSI | User Name: Dörte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dörte\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\Programme\Join Air\UIExec.exe ()
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\srvany.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\Join Air\UIExec.exe ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IB Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
========== Driver Services (SafeList) ==========
DRV - (vtxv) -- C:\Windows\System32\drivers\ehqaprvk.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?t=0
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/12/05 16:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/12/29 19:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dörte\AppData\Roaming\mozilla\Extensions
[2013/01/11 18:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dörte\AppData\Roaming\mozilla\Firefox\Profiles\lbyul6ij.default\extensions
[2013/01/11 18:56:57 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Dörte\AppData\Roaming\mozilla\firefox\profiles\lbyul6ij.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/04 17:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\DöRTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LBYUL6IJ.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2011/11/23 22:32:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/23 22:32:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/23 22:32:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:32:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/23 22:32:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/23 22:32:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/23 22:32:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} hxxp://remote.virtech.nl:81/goglobal/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E546E9A-A665-4AB0-9826-F061E48BF8E2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60497fad-2eb3-11e0-83aa-00245423bff1}\Shell - "" = AutoRun
O33 - MountPoints2\{60497fad-2eb3-11e0-83aa-00245423bff1}\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/04 18:40:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dörte\Desktop\OTL.exe
[2013/05/04 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\Dörte\AppData\Roaming\Malwarebytes
[2013/05/04 11:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/04 11:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/04 11:17:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/05/04 11:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/01 23:03:46 | 000,000,000 | ---D | C] -- C:\Users\Dörte\Documents\ProcAlyzer Dumps
[2013/05/01 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/01 21:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/01 21:15:08 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
[2013/05/01 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/01 21:14:25 | 000,000,000 | ---D | C] -- C:\Users\Dörte\AppData\Local\Programs
[2013/04/29 21:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
========== Files - Modified Within 30 Days ==========
[2013/05/04 18:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dörte\Desktop\OTL.exe
[2013/05/04 18:37:12 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\ehqaprvk.sys
[2013/05/04 18:17:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/04 10:28:24 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 10:28:24 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 10:19:55 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 10:19:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/04 10:19:36 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/02 21:06:15 | 006,533,375 | ---- | M] () -- C:\Users\Dörte\Desktop\BRO07_13_Diva_Mittelmeer_15_17.pdf
[2013/04/30 18:48:44 | 000,711,706 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/04/30 18:48:44 | 000,663,286 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/04/30 18:48:44 | 000,154,102 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/04/30 18:48:44 | 000,124,480 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/04/10 16:51:35 | 000,414,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013/05/04 18:37:12 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\ehqaprvk.sys
[2013/05/02 21:06:14 | 006,533,375 | ---- | C] () -- C:\Users\Dörte\Desktop\BRO07_13_Diva_Mittelmeer_15_17.pdf
[2013/05/01 21:15:14 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/09/11 17:35:04 | 000,183,040 | ---- | C] () -- C:\windows\PI.EXE
[2011/11/14 18:45:38 | 000,026,624 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2011/11/14 18:45:37 | 000,283,136 | ---- | C] () -- C:\windows\System32\DscPnt.dll
[2011/11/14 18:45:37 | 000,259,888 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/11/14 18:45:37 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe
[2011/06/23 00:05:55 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe
[2011/06/23 00:05:55 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe
[2011/03/26 00:50:01 | 000,005,120 | ---- | C] () -- C:\Users\Dörte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 14:47:01 | 000,013,540 | ---- | C] () -- C:\Users\Dörte\AppData\Local\slot1.mm1
[2011/01/08 11:17:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/01/01 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\AlawarEntertainment
[2011/05/25 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\aliasworlds
[2012/04/10 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Ashampoo
[2011/05/26 14:24:57 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\BlamGames
[2012/10/24 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Boolat Games
[2013/01/14 21:58:35 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Boomzap
[2013/01/04 21:33:40 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\casualArts
[2011/11/21 21:00:48 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\cerasus.media
[2012/01/03 21:51:07 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\CupcakeCafe
[2011/08/15 17:51:08 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\DVDVideoSoft
[2011/08/15 17:51:00 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/07/29 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\ERS G-Studio
[2011/09/23 10:53:14 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Farm Mania 2.1
[2011/10/07 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Friday's games
[2012/05/06 13:30:38 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\iWin
[2011/12/31 15:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Jane s Hotel
[2011/03/02 12:58:44 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2011/11/18 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Oberon Games
[2012/04/11 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\Peace Craft
[2011/12/21 23:46:41 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\PetShowCraze
[2012/05/12 14:14:22 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\PlayFirst
[2011/09/20 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\playmink
[2013/01/26 11:24:22 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\UseNeXT
[2011/03/20 15:40:29 | 000,000,000 | ---D | M] -- C:\Users\Dörte\AppData\Roaming\XMedia Recode
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:7B2BB690
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D2397415
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1709732A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:969C0C96
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:538B96B5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:1A4BF204
< End of report >
I hope you can help me. I am a complete layperson and have no idea what exactly is going on.
Best regards and many thanks