Google Weiterleitung

lenny8284 · 25.08.2012, 20:34

Hallo zusammen,
habe seit heute Mittag folgendes Problem. Wenn ich bei Google ein Suchbegrif eingebe, dann erscheinen zwar die Ergebnisse, wenn ich diese dann anklicke lande ich auf einer völlig anderen Seite. Habe in verschiedenen Foren schon häufiger von diesem Problem gelesen. Anbei poste ich mal die Logdaten von Maywarebytes und OTL. Mir ist auch aufgefallen, dass das Problem für ca. 5 Minuten nicht auftritt, wenn man den Router kurz vom Strom nimmt, danach ist es allerdings wieder da.
Ich bin für jeden Ratschlag dankbar!

Also anbei die Logdaten:

Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
xxxxxxxxxxxxxx :: NAME-909F30V83H [Administrator]

Schutz: Aktiviert

25.08.2012 16:43:39
mbam-log-2012-08-25 (16-43-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 303485
Laufzeit: 3 Stunde(n), 2 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

--------------------------------------------------------------------

von OTL Teil 1:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.08.2012 20:09:00 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,86 Mb Total Physical Memory | 99,77 Mb Available Physical Memory | 9,84% Memory free
2,38 Gb Paging File | 1,49 Gb Available in Paging File | 62,61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,82 Gb Total Space | 18,45 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 52,34 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
 
Computer Name: NAME-909F30V83H | User Name: xxxxxxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.)
PRC - C:\Programme\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Programme\EeePC\ACPI\GMA500.dll ()
MOD - C:\Programme\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Programme\ASUS\Eee Storage\EcaremeDLL.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SRS_VolSync_Service) -- C:\Programme\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{16CD818D-D298-4CE8-9443-19A6B1994B14}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{E1A4C54B-4771-48A7-90BC-9750299D695E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.23 19:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.23 19:11:19 | 000,000,000 | ---D | M]
 
[2009.08.07 01:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Extensions
[2012.08.23 18:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Firefox\Profiles\4miay63v.default\extensions
[2010.06.10 01:25:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Firefox\Profiles\4miay63v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.20 15:07:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Firefox\Profiles\4miay63v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.08.23 15:44:38 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Firefox\Profiles\4miay63v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.24 23:50:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Firefox\Profiles\4miay63v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.17 18:10:42 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Mozilla\Firefox\Profiles\4miay63v.default\searchplugins\conduit.xml
[2012.08.23 15:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.23 16:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.08.23 16:02:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.06.30 19:03:44 | 000,535,912 | ---- | M] (iLinc Communications, Inc.) -- C:\Programme\mozilla firefox\plugins\NPCltInstall.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.15 11:30:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.15 11:30:17 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.08.15 11:30:17 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.15 11:30:17 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.15 11:30:17 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.15 11:30:17 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
CHR - plugin: Intel(R) Threading Building Blocks for Windows (Enabled) = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
CHR - plugin: Intel(R) Threading Building Blocks for Windows (Enabled) = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPCltInstall.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Programme\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EasyMode] C:\Programme\ASUS\Easy Mode\Easy Mode.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D05722-56FC-4E7A-9ACF-E5922BCB87AB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.04 12:10:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\Shell - "" = AutoRun
O33 - MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ALEX.vbs
O33 - MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\Shell - "" = AutoRun
O33 - MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{255f710a-827e-11df-a1ca-0025d344b1ec}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\Shell - "" = AutoRun
O33 - MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\Shell - "" = AutoRun
O33 - MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\Shell - "" = AutoRun
O33 - MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\Shell - "" = AutoRun
O33 - MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs
O33 - MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.25 16:20:11 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.25 16:17:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Malwarebytes
[2012.08.25 16:17:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.25 16:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.25 16:17:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.25 16:17:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.08.25 14:46:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.08.25 02:58:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Risxtd
[2012.08.25 02:57:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ResearchSoft
[2012.08.25 02:57:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EndNote
[2012.08.25 02:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\EndNote
[2012.08.25 02:56:12 | 000,000,000 | ---D | C] -- C:\ZENAPPS
[2012.08.25 02:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2012.08.25 02:32:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SharePoint
[2012.08.25 02:32:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2012.08.25 02:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2012.08.25 02:29:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2012.08.25 02:28:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2012.08.25 02:28:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Microsoft
[2012.08.25 02:25:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2012.08.25 02:22:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2012.08.25 02:19:46 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.25 02:11:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\OpenOffice.org
[2012.08.25 02:01:53 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1
[2012.08.25 01:58:14 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2012.08.25 01:54:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.08.24 08:25:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\EndNote
[2012.08.23 19:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.08.23 19:09:59 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.08.23 15:53:36 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.08.23 15:53:12 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.08.23 15:53:12 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.08.23 15:52:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.08.23 15:52:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.08.23 15:52:48 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.08.23 15:46:51 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.23 11:21:32 | 000,000,000 | ---D | C] -- C:\Programme\de_office_professional_plus_2010_w32_x16-32254
[2012.08.22 12:11:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\Doktorarbeit NOTEBOOK
[2012.08.02 22:53:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Dropbox
[2012.08.02 22:50:23 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.08.02 22:49:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Startmenü\Programme\Dropbox
[2012.08.02 22:48:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Dropbox
[2012.08.01 15:11:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Search Settings
[2012.08.01 15:11:34 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.08.01 15:11:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2012.08.01 15:11:32 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[8 C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.25 20:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.25 20:02:05 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.25 16:20:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.25 16:17:15 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 16:10:32 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.25 16:10:28 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\tijo.job
[2012.08.25 16:10:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.25 15:29:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.08.25 15:11:47 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.08.25 14:39:03 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.25 02:01:55 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2012.08.23 19:10:50 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.08.23 19:05:29 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.08.23 16:08:20 | 000,106,496 | RHS- | M] () -- C:\WINDOWS\System32\ksproxy0.dll
[2012.08.23 16:00:00 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.08.23 15:51:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.08.23 15:51:16 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.08.23 15:51:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.08.23 15:51:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.08.23 15:51:14 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.08.23 15:51:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.08.23 15:51:10 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.08.23 15:46:52 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.23 15:46:51 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.23 11:03:00 | 000,112,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.22 09:09:20 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.08.17 12:00:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.14 21:47:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.02 22:53:19 | 000,001,032 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxx\Desktop\Dropbox.lnk
[8 C:\Dokumente und Einstellungen\xxxxxxxxxxx\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\xxxxxxxxxxxx\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.25 16:17:15 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 02:01:55 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk
[2012.08.23 19:10:50 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.08.23 19:05:28 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012.08.23 19:05:28 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.08.23 16:08:21 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\tijo.job
[2012.08.23 16:08:20 | 000,106,496 | RHS- | C] () -- C:\WINDOWS\System32\ksproxy0.dll
[2012.08.23 15:46:54 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.02 22:53:19 | 000,001,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\Dropbox.lnk
[2012.02.17 00:20:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.25 03:29:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.14 23:35:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.12.22 13:36:25 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.08.07 02:35:37 | 000,112,128 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.07 02:03:24 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat

< End of report >

--- --- ---

-----------------------------------------------------------------

von OTL Teil 2:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.08.2012 20:09:00 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,86 Mb Total Physical Memory | 99,77 Mb Available Physical Memory | 9,84% Memory free
2,38 Gb Paging File | 1,49 Gb Available in Paging File | 62,61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,82 Gb Total Space | 18,45 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 52,34 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
 
Computer Name: NAME-909F30V83H | User Name:xxxxxxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DE168D-39C0-4378-BD45-C7D150DC5D0E}" = Easy Mode
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"Avira AntiVir Desktop" = Avira Free Antivirus
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"Eee Docking_is1" = Eee Docking 1.3.2.0
"Eee Storage" = Eee Storage
"EeePC_1101HA" = EeePC_1101HA Screen Saver
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"Free Studio_is1" = Free Studio version 5.0.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LPCO" = Intel(R) Graphics Media Accelerator 500
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uninstall.exe" = iLinc Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.08.2012 14:45:30 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2078
 
Error - 24.08.2012 14:45:30 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2078
 
Error - 24.08.2012 14:45:32 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.08.2012 14:45:32 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4141
 
Error - 24.08.2012 14:45:32 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4141
 
Error - 24.08.2012 14:45:35 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.08.2012 14:45:35 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6516
 
Error - 24.08.2012 14:45:35 | Computer Name = NAME-909F30V83H | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6516
 
Error - 24.08.2012 21:02:25 | Computer Name = NAME-909F30V83H | Source = MsiInstaller | ID = 11719
Description = Produkt: Microsoft Office Professional Plus 2010 -- Fehler 1719.Auf
 den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten,
 wenn Windows im abgesicherten Modus ausgeführt wird oder wenn der Windows Installer
 nicht korrekt installiert wurde. Setzen Sie sich mit dem Supportpersonal in Verbindung,
 um weitere Unterstützung zu erhalten.
 
Error - 24.08.2012 21:02:25 | Computer Name = NAME-909F30V83H | Source = MsiInstaller | ID = 1024
Description = Produkt: Microsoft Office Professional Plus 2010 - Update "Security
 Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition" konnte nicht installiert
 werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der
 Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu
 sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung
 zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 
[ System Events ]
Error - 11.08.2012 10:21:10 | Computer Name = NAME-909F30V83H | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse
 0025D344B1EC wurde durch  den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 10:23:20 | Computer Name = NAME-909F30V83H | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 11.08.2012 10:23:20 | Computer Name = NAME-909F30V83H | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 14.08.2012 13:41:39 | Computer Name = NAME-909F30V83H | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 14.08.2012 13:41:39 | Computer Name = NAME-909F30V83H | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 24.08.2012 07:42:37 | Computer Name = NAME-909F30V83H | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "iPod 
Service" mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 24.08.2012 07:42:38 | Computer Name = NAME-909F30V83H | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst.
 
Error - 24.08.2012 07:42:38 | Computer Name = NAME-909F30V83H | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 24.08.2012 21:02:31 | Computer Name = NAME-909F30V83H | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Security Update for Microsoft PowerPoint 2010
 (KB2553185) 32-Bit Edition
 
Error - 25.08.2012 09:13:16 | Computer Name = NAME-909F30V83H | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 0025D344B1EC wurde durch  den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---

-------------------------------------------------------------------------------------------------------------------

Anbei noch die Logdatei von AdwCleaner, falls das was bringt:

# AdwCleaner v1.801 - Logfile created 08/25/2012 at 21:47:40
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Juliane Mehls - NAME-909F30V83H
# Boot Mode : Normal
# Running from : C:\Dokumente und Einstellungen\xxxxxxxxxxxxxxx\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\DOKUME~1\JULIAN~1\LOKALE~1\Temp\AskSearch
Folder Found : C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\pdfforge
Folder Found : C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Search Settings
Folder Found : C:\Programme\Application Updater
Folder Found : C:\Programme\AskBarDis
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\DVDVideoSoftTB
Folder Found : C:\Programme\pdfforge Toolbar
Folder Found : C:\Programme\Gemeinsame Dateien\spigot

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\DVDVideoSoftTB
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7F34F40-A6AA-4966-9B3C-6B662B9E5777}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40B50E99-5A2E-4F94-937C-56BF19AAE7C6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3318 octets] - [25/08/2012 21:47:40]

########## EOF - C:\AdwCleaner[R1].txt - [3446 octets] ##########

t'john · 26.08.2012, 00:02

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
DRV - (WDICA) -- File not found 
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found 
DRV - (PDRFRAME) -- File not found 
DRV - (PDRELI) -- File not found 
DRV - (PDFRAME) -- File not found 
DRV - (PDCOMP) -- File not found 
DRV - (PCIDump) -- File not found 
DRV - (lbrtfdc) -- File not found 
DRV - (i2omgmt) -- File not found 
DRV - (Changer) -- File not found 
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys () 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKCU\..\SearchScopes\{16CD818D-D298-4CE8-9443-19A6B1994B14}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\SearchScopes\{E1A4C54B-4771-48A7-90BC-9750299D695E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q=" 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [EasyMode] C:\Programme\ASUS\Easy Mode\Easy Mode.exe () 
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found 
O4 - HKCU..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll () 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.04 12:10:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
O33 - MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\Shell - "" = AutoRun 
O33 - MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ALEX.vbs 
O33 - MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\Shell - "" = AutoRun 
O33 - MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a 
O33 - MountPoints2\{255f710a-827e-11df-a1ca-0025d344b1ec}\Shell\AutoRun\command - "" = E:\Menu.exe 
O33 - MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\Shell - "" = AutoRun 
O33 - MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
O33 - MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\Shell - "" = AutoRun 
O33 - MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
O33 - MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\Shell - "" = AutoRun 
O33 - MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a 
O33 - MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\Shell - "" = AutoRun 
O33 - MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs 
O33 - MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\Shell - "" = AutoRun 
O33 - MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs 
O33 - MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\Shell - "" = AutoRun 
O33 - MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[2012.08.23 16:08:20 | 000,106,496 | RHS- | M] () -- C:\WINDOWS\System32\ksproxy0.dll 

[2012.08.01 15:11:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Search Settings 
[2012.08.01 15:11:34 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater 
[2012.08.01 15:11:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot 
[2012.08.01 15:11:32 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar 
[2012.08.25 20:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job 
[2012.08.25 20:02:05 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.25 16:10:32 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.25 16:10:28 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\tijo.job 

:Files


C:\Users\Juliane Mehls\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Juliane Mehls\AppData\Local\Temp\*.exe
C:\Users\Juliane Mehls\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

lenny8284 · 26.08.2012, 11:30

Danke schonmal für Deine Hilfe.
Hier die Logfile von OTL:

All processes killed
========== OTL ==========
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File C:\Programme\Application Updater\ApplicationUpdater.exe not found.
Error: No service named WDICA was found to stop!
Service\Driver key WDICA not found.
File File not found not found.
Error: No service named vsdatant was found to stop!
Service\Driver key vsdatant not found.
File C:\WINDOWS\system32\vsdatant.sys File not found not found.
Error: No service named PDRFRAME was found to stop!
Service\Driver key PDRFRAME not found.
File File not found not found.
Error: No service named PDRELI was found to stop!
Service\Driver key PDRELI not found.
File File not found not found.
Error: No service named PDFRAME was found to stop!
Service\Driver key PDFRAME not found.
File File not found not found.
Error: No service named PDCOMP was found to stop!
Service\Driver key PDCOMP not found.
File File not found not found.
Error: No service named PCIDump was found to stop!
Service\Driver key PCIDump not found.
File File not found not found.
Error: No service named lbrtfdc was found to stop!
Service\Driver key lbrtfdc not found.
File File not found not found.
Error: No service named i2omgmt was found to stop!
Service\Driver key i2omgmt not found.
File File not found not found.
Error: No service named Changer was found to stop!
Service\Driver key Changer not found.
File File not found not found.
Error: No service named SRS_PremiumSound_Service was found to stop!
Service\Driver key SRS_PremiumSound_Service not found.
File C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16CD818D-D298-4CE8-9443-19A6B1994B14}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16CD818D-D298-4CE8-9443-19A6B1994B14}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1A4C54B-4771-48A7-90BC-9750299D695E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1A4C54B-4771-48A7-90BC-9750299D695E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EasyMode deleted successfully.
C:\Programme\ASUS\Easy Mode\Easy Mode.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Eee Docking deleted successfully.
C:\Programme\ASUS\Eee Docking\Eee Docking.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igdlogin\ deleted successfully.
C:\WINDOWS\system32\igdlogin.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a8e9b82-eff8-11de-a07b-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a8e9b82-eff8-11de-a07b-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a8e9b82-eff8-11de-a07b-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a8e9b82-eff8-11de-a07b-002243f2772c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ALEX.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d269908-4d15-11df-a155-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d269908-4d15-11df-a155-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d269908-4d15-11df-a155-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d269908-4d15-11df-a155-0025d344b1ec}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{255f710a-827e-11df-a1ca-0025d344b1ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{255f710a-827e-11df-a1ca-0025d344b1ec}\ not found.
File E:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa8e0f3-f497-11df-a26d-0025d344b1ec}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abd60dfa-7dc9-11e1-a41d-0025d344b1ec}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d04ff67e-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d04ff67e-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04ff67e-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d04ff67e-aa03-11de-9feb-002243f2772c}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d04ff67f-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d04ff67f-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04ff67f-aa03-11de-9feb-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d04ff67f-aa03-11de-9feb-002243f2772c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8a6bfe8-c4b5-11de-a029-002243f2772c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6a6af1a-d2e5-11de-a045-0025d344b1ec}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET78.tmp deleted successfully.
C:\WINDOWS\system32\ksproxy0.dll moved successfully.
C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\Search Settings folder moved successfully.
C:\Programme\Application Updater folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\chrome folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Programme\pdfforge Toolbar\Res folder moved successfully.
C:\Programme\pdfforge Toolbar\IE\6.2 folder moved successfully.
C:\Programme\pdfforge Toolbar\IE folder moved successfully.
C:\Programme\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Programme\pdfforge Toolbar\FF folder moved successfully.
C:\Programme\pdfforge Toolbar folder moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\tijo.job moved successfully.
========== FILES ==========
File\Folder C:\Users\Juliane Mehls\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Juliane Mehls\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Juliane Mehls\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Juliane Mehls
->Temp folder emptied: 1110599394 bytes
->Temporary Internet Files folder emptied: 304923060 bytes
->Java cache emptied: 58145455 bytes
->FireFox cache emptied: 61282823 bytes
->Google Chrome cache emptied: 86949300 bytes
->Flash cache emptied: 506 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33036 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 335361345 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25378198 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.891,00 mb

OTL by OldTimer - Version 3.2.59.0 log created on 08262012_121303

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Juliane Mehls\Lokale Einstellungen\Temp\2011-09-09-1180209001_04-RG.PDF not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

----------------------------------------------------------------------------------------------------------------------------------------

Also das Problem scheint jetzt tatsächlich behoben zu sein!!!

Ich hoffe, dass es auch so bleibt. Macht es eigentlich Sinn, Malwarebytes und Avira gleichzeitig laufen zu lassen, oder behindern die Programme sich gegenseitig?

t'john · 27.08.2012, 02:43

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

lenny8284 · 27.08.2012, 10:05

Hey t`john, wirklich vielen Dank für Deine Hilfe!!!

hier ist die logdatei von malwarebytes:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Juliane Mehls :: NAME-909F30V83H [Administrator]

Schutz: Deaktiviert

27.08.2012 08:03:28
mbam-log-2012-08-27 (08-03-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318515
Laufzeit: 2 Stunde(n), 57 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

-----------------------------------------------------------------------

und hier die von adwcleaner:

# AdwCleaner v1.801 - Logfile created 08/27/2012 at 11:02:45
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Juliane Mehls - NAME-909F30V83H
# Boot Mode : Normal
# Running from : C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\pdfforge
Folder Found : C:\Programme\AskBarDis
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\DVDVideoSoftTB

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\DVDVideoSoftTB
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7F34F40-A6AA-4966-9B3C-6B662B9E5777}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40B50E99-5A2E-4F94-937C-56BF19AAE7C6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3449 octets] - [25/08/2012 21:47:40]
AdwCleaner[R2].txt - [2804 octets] - [27/08/2012 11:02:45]

########## EOF - C:\AdwCleaner[R2].txt - [2932 octets] ##########

ist mein netbook damit sozusagen "clean" ?

t'john · 27.08.2012, 18:10

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

lenny8284 · 28.08.2012, 07:45

Logdatei von AdwCleaner:

# AdwCleaner v1.801 - Logfile created 08/27/2012 at 22:52:58
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Juliane Mehls - NAME-909F30V83H
# Boot Mode : Normal
# Running from : C:\Dokumente und Einstellungen\Juliane Mehls\Desktop\sicherheitssoftware\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Dokumente und Einstellungen\Juliane Mehls\Anwendungsdaten\pdfforge
Folder Deleted : C:\Programme\AskBarDis
Folder Deleted : C:\Programme\Conduit
Folder Deleted : C:\Programme\DVDVideoSoftTB

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7F34F40-A6AA-4966-9B3C-6B662B9E5777}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40B50E99-5A2E-4F94-937C-56BF19AAE7C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3449 octets] - [25/08/2012 21:47:40]
AdwCleaner[R2].txt - [2933 octets] - [27/08/2012 11:02:45]
AdwCleaner[R3].txt - [2993 octets] - [27/08/2012 11:07:00]
AdwCleaner[S1].txt - [2809 octets] - [27/08/2012 22:52:58]

########## EOF - C:\AdwCleaner[S1].txt - [2937 octets] ##########

-----------------------------------------------------------------

bericht von Emisoft:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 27.08.2012 23:05:26

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 27.08.2012 23:07:38

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Downloads\PDFCreator-1_2_3_setup.exe gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1

Gescannt 581953
Gefunden 2

Scan Ende: 28.08.2012 03:54:17
Scan Zeit: 4:46:39

Und nun?

t'john · 28.08.2012, 19:11

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

lenny8284 · 29.08.2012, 06:31

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a69c87557a2b2440997a0815f53e7518
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-29 12:27:55
# local_time=2012-08-29 02:27:56 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 19559349 19559349 0 0
# compatibility_mode=8192 67108863 100 0 176 176 0 0
# scanned=110635
# found=19
# cleaned=19
# scan_time=20990
C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Dokumente und Einstellungen\Juliane Mehls\Eigene Dateien\Downloads\backups\backup-20120825-154721-555.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\35507.msi probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_121303\C_Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Eigene Dateien\setups\SoftonicDownloader_fuer_free-vimeo-downloader.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Eigene Dateien\setups\SoftonicDownloader_fuer_k-lite-codec-pack.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

t'john · 29.08.2012, 06:34

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

lenny8284 · 29.08.2012, 06:52

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader 10,1,4,38 ist aktuell.

t'john · 29.08.2012, 20:20

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

lenny8284 · 30.08.2012, 07:49

Super, nochmals vielen herzlichen Dank!!!!!!!!

29.08.2012, 06:34	#10
t'john /// Helfer-Team	Google Weiterleitung Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck __________________ Mfg, t'john Das TB unterstützen

Google Weiterleitung

Plagegeister aller Art und deren Bekämpfung: Google Weiterleitung