
Pests of all kinds and how to fight them: How do I get ChatZum off my computer?

09.10.2012, 14:32   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post log files in CODE tags

09.10.2012, 18:46   #17
Ainhoa

So, here is the latest log:

Code:
# AdwCleaner v2.004 - Datei am 09/10/2012 um 19:45:30 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzer : Svenja - AINHOA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Svenja\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gefunden : HKU\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\fqelcgji.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\dq4vluvq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Svenja\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [26176 octets] - [02/10/2012 16:07:11]
AdwCleaner[R2].txt - [26237 octets] - [02/10/2012 16:08:21]
AdwCleaner[R3].txt - [26298 octets] - [02/10/2012 16:19:22]
AdwCleaner[R4].txt - [26314 octets] - [05/10/2012 19:26:34]
AdwCleaner[S1].txt - [26660 octets] - [06/10/2012 19:35:24]
AdwCleaner[R5].txt - [2540 octets] - [09/10/2012 19:45:30]

########## EOF - C:\AdwCleaner[R5].txt - [2600 octets] ##########
         
I also have another question. When I discovered the junk, I installed Ubuntu on the other drive and have been working with it since then... I copied important files to a USB stick and use them under Ubuntu. Is Ubuntu also susceptible to this kind of stuff, or can I assume that it is "clean"?

Thanks for all the effort and the help!!!


09.10.2012, 19:19   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Is Ubuntu also susceptible to this kind of stuff, or can I assume that it is "clean"?
Ubuntu, or Linux in general, does not have such problems, or at least not yet. Since, let's say, 99% of software under Linux is installed in a completely different way than under Windows - and by that I mean above all how you go about it - it can't really get plastered with toolbars and advertising crap just because the user overlooks something in a setup, and that is why, IMHO, it will stay that way for a long time under Ubuntu or Linux in general.

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

12.10.2012, 14:32   #19
Ainhoa

So, finally:

# AdwCleaner v2.004 - Datei am 12/10/2012 um 15:22:13 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzer : Svenja - AINHOA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Svenja\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default
Datei : C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\fqelcgji.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\dq4vluvq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Svenja\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [26176 octets] - [02/10/2012 16:07:11]
AdwCleaner[R2].txt - [26237 octets] - [02/10/2012 16:08:21]
AdwCleaner[R3].txt - [26298 octets] - [02/10/2012 16:19:22]
AdwCleaner[R4].txt - [26314 octets] - [05/10/2012 19:26:34]
AdwCleaner[S1].txt - [26660 octets] - [06/10/2012 19:35:24]
AdwCleaner[R5].txt - [2669 octets] - [09/10/2012 19:45:30]
AdwCleaner[R6].txt - [2729 octets] - [12/10/2012 15:21:31]
AdwCleaner[S2].txt - [2501 octets] - [12/10/2012 15:22:13]

########## EOF - C:\AdwCleaner[S2].txt - [2561 octets] ##########
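
Added example, not part of the original posts and not AdwCleaner's own code: a Python check that every registry entry reported as "Gefunden" in the search log (post #17) shows up as "Gelöscht" in the delete log (post #19). The sample input is constructed from the registry lines of those two logs; treating the HKU\<SID> key as the logged-on user's HKCU hive is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample input: registry lines copied from the search log (R5)
# and the delete log (S2) posted in this thread.
SCAN_LOG = r"""
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gefunden : HKU\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
"""

DELETE_LOG = r"""
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
"""

# Assumption: this SID (taken from the search log) belongs to the logged-on user,
# so HKU\<SID>\... and HKCU\... name the same keys.
USER_SID = "S-1-5-21-2339853823-2107313754-116825072-1001"

# Matches "Schlüssel Gefunden : <path>" / "Wert Gelöscht : <path>" lines.
ENTRY = re.compile(r"^(Schlüssel|Wert) (Gefunden|Gelöscht) : (.+)$", re.M)


def parse_entries(log, status):
    """Return (kind, path) tuples for every line carrying the given status word."""
    return [(m.group(1), m.group(3).strip())
            for m in ENTRY.finditer(log) if m.group(2) == status]


def normalise(path, user_sid=None):
    """Case-fold a registry path; with user_sid, rewrite HKU\\<sid> to HKCU."""
    p = path.casefold()  # registry paths are case-insensitive (Software vs SOFTWARE)
    if user_sid:
        prefix = ("HKU\\" + user_sid).casefold()
        if p.startswith(prefix + "\\"):
            p = "hkcu" + p[len(prefix):]
    return p


def unresolved(scan_log, delete_log, user_sid=None):
    """Entries found by the search run that the delete run does not report as removed."""
    deleted = {(kind, normalise(path, user_sid))
               for kind, path in parse_entries(delete_log, "Gelöscht")}
    return [(kind, path)
            for kind, path in parse_entries(scan_log, "Gefunden")
            if (kind, normalise(path, user_sid)) not in deleted]


if __name__ == "__main__":
    print("literal comparison:", unresolved(SCAN_LOG, DELETE_LOG))
    print("with HKU\\<SID> mapped to HKCU:", unresolved(SCAN_LOG, DELETE_LOG, USER_SID))
```

Compared literally, the search log has ten entries and the delete log nine: the HKU\<SID> SearchScopes key has no line of its own in the delete log and only matches once it is mapped to its HKCU counterpart.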

12.10.2012, 16:53   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Logs in CODE tags, please!

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "run as administrator"
  • At the top center, tick the box for Scanne alle Benutzer (Scan all users)
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread


23.10.2012, 22:42   #21
Ainhoa

So, after having been cut off from the Internet for 10 days, here is the log:

Code:
OTL logfile created on: 10/23/2012 10:59:02 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Svenja\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.57% Memory free
5.98 Gb Paging File | 4.59 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 52.84 Gb Free Space | 37.34% Space Free | Partition Type: NTFS
 
Computer Name: AINHOA | User Name: Svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Svenja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\HPSIsvc.exe (HP)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPSIService) -- C:\Windows\System32\HPSIsvc.exe (HP)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mvusbews) -- C:\Windows\System32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\..\SearchScopes\{DBDFC5E5-E6ED-4A2B-A093-889253A7FAD2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=87837D07-3F70-45E9-B5DC-3701AAB357B7&apn_sauid=B4096E54-DEC7-48A4-AEDD-C981C0ED6058
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://searchsafer.com/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011/08/12 20:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/22 20:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/06/10 18:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\Extensions
[2012/10/02 13:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\fqelcgji.default\extensions
[2012/07/31 14:03:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\fqelcgji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/26 08:36:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\firefox\profiles\fqelcgji.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/02 12:34:05 | 000,000,642 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\mozilla\firefox\profiles\fqelcgji.default\searchplugins\search-safer.xml
[2012/10/02 13:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/20 12:59:45 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010/06/10 18:13:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.6_0\
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2012/06/20 12:48:32 | 000,000,861 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 134.95.7.4	vpngate.uni-koeln.de
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-2339853823-2107313754-116825072-1001..\Run: [EPSON Stylus DX4000 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2339853823-2107313754-116825072-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Svenja\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25E5EC99-7CB0-4BB6-8BCE-20C4774EC441}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F25D5C4-4424-4C27-87BC-F4D72E857695}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3269D983-67ED-432E-81E0-FB82FE7FD53C}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC1D0B97-808D-4314-B978-D70926A2E3CF}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBDFAB2B-910A-440B-9C10-99BB89CE3500}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16cc7e69-02eb-11e1-86a6-98b2ad46e3f0}\Shell - "" = AutoRun
O33 - MountPoints2\{16cc7e69-02eb-11e1-86a6-98b2ad46e3f0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{67670b30-f4e1-11e0-971b-c2e30368c5f6}\Shell - "" = AutoRun
O33 - MountPoints2\{67670b30-f4e1-11e0-971b-c2e30368c5f6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{71a17970-3d5a-11e1-914f-9cf8d9222817}\Shell - "" = AutoRun
O33 - MountPoints2\{71a17970-3d5a-11e1-914f-9cf8d9222817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{71a17986-3d5a-11e1-914f-9cf8d9222817}\Shell - "" = AutoRun
O33 - MountPoints2\{71a17986-3d5a-11e1-914f-9cf8d9222817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73538194-41e8-11e1-a285-a07adf532287}\Shell - "" = AutoRun
O33 - MountPoints2\{73538194-41e8-11e1-a285-a07adf532287}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{735381b8-41e8-11e1-a285-a07adf532287}\Shell - "" = AutoRun
O33 - MountPoints2\{735381b8-41e8-11e1-a285-a07adf532287}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{958a3554-c502-11e0-b9a2-c426a42505fd}\Shell - "" = AutoRun
O33 - MountPoints2\{958a3554-c502-11e0-b9a2-c426a42505fd}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9d9df0df-53f9-11df-bae8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9df0df-53f9-11df-bae8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe
O33 - MountPoints2\{ef622c49-c5e2-11e0-8f8b-da345cb110e6}\Shell - "" = AutoRun
O33 - MountPoints2\{ef622c49-c5e2-11e0-8f8b-da345cb110e6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/23 22:57:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Svenja\Desktop\OTL.exe
[2012/10/08 23:34:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Svenja\Documents\OTL.exe
[2012/10/06 22:46:21 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\Opera
[2012/10/06 22:46:21 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Local\Opera
[2012/10/06 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/10/06 22:45:21 | 012,272,352 | ---- | C] (Opera Software ASA) -- C:\Users\Svenja\Desktop\Opera_1202_int_Setup.exe
[2012/10/04 22:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/02 18:39:30 | 000,000,000 | ---D | C] -- C:\Sichern
[2012/10/02 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\Malwarebytes
[2012/10/02 14:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/02 14:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/02 14:47:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/10/02 14:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/02 12:51:35 | 000,000,000 | ---D | C] -- C:\Users\Svenja\eTeks
[2012/10/02 12:40:06 | 032,741,848 | ---- | C] (eTeks                                                       ) -- C:\Users\Svenja\Desktop\SweetHome3D-3.6-windows-oc.exe
[2012/10/02 12:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner
[2012/10/02 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2012/10/02 12:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/23 22:57:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Svenja\Desktop\OTL.exe
[2012/10/23 22:56:49 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 22:56:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/23 22:22:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 22:22:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 22:22:11 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/22 19:54:30 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/10/22 19:54:30 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/10/22 19:54:30 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/10/22 19:54:30 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/10/22 19:38:56 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 19:44:19 | 000,538,327 | ---- | M] () -- C:\Users\Svenja\Desktop\adwcleaner.exe
[2012/10/08 23:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Svenja\Documents\OTL.exe
[2012/10/06 22:46:13 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/06 22:45:45 | 012,272,352 | ---- | M] (Opera Software ASA) -- C:\Users\Svenja\Desktop\Opera_1202_int_Setup.exe
[2012/10/02 14:47:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/02 14:00:24 | 000,302,592 | ---- | M] () -- C:\Users\Svenja\Desktop\qqgy4u6z.exe
[2012/10/02 13:53:44 | 000,000,120 | ---- | M] () -- C:\Users\Svenja\Desktop\redirect-to.htm
[2012/10/02 12:40:23 | 032,741,848 | ---- | M] (eTeks                                                       ) -- C:\Users\Svenja\Desktop\SweetHome3D-3.6-windows-oc.exe
[2012/10/02 12:32:40 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2012/10/02 12:32:03 | 020,488,704 | ---- | M] () -- C:\Users\Svenja\Desktop\IKEA_Home_Planner_FY10.exe
[2012/09/24 15:30:56 | 000,015,494 | ---- | M] () -- C:\Users\Svenja\Desktop\wohnungen.odt
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/09 19:44:19 | 000,538,327 | ---- | C] () -- C:\Users\Svenja\Desktop\adwcleaner.exe
[2012/10/06 22:46:13 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/10/06 22:46:13 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/02 14:47:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/02 14:00:20 | 000,302,592 | ---- | C] () -- C:\Users\Svenja\Desktop\qqgy4u6z.exe
[2012/10/02 13:53:43 | 000,000,120 | ---- | C] () -- C:\Users\Svenja\Desktop\redirect-to.htm
[2012/10/02 12:32:40 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2012/10/02 12:31:55 | 020,488,704 | ---- | C] () -- C:\Users\Svenja\Desktop\IKEA_Home_Planner_FY10.exe
[2012/09/24 15:24:00 | 000,015,494 | ---- | C] () -- C:\Users\Svenja\Desktop\wohnungen.odt
[2012/07/24 12:00:44 | 001,511,424 | ---- | C] () -- C:\windows\System32\HP1100SM.EXE
[2012/07/24 12:00:43 | 000,151,552 | ---- | C] () -- C:\windows\System32\HP1100LM.DLL
[2012/07/24 12:00:28 | 000,284,160 | ---- | C] () -- C:\windows\System32\mvhlewsi.dll
[2012/07/24 12:00:22 | 000,081,920 | ---- | C] () -- C:\windows\System32\mvusbews.dll
[2012/07/24 12:00:21 | 000,054,272 | ---- | C] () -- C:\windows\System32\HP1100SMs.dll
[2012/05/06 23:25:46 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/05/06 23:25:46 | 000,000,034 | ---- | C] () -- C:\windows\System32\BD5280DW.DAT
[2011/12/20 13:23:00 | 000,006,656 | ---- | C] () -- C:\Users\Svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 11:45:02 | 000,001,473 | ---- | C] () -- C:\Users\Svenja\.recently-used.xbel
[2010/06/10 23:11:27 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/10 18:15:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/09/30 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Bytemobile
[2011/09/30 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2011/03/23 23:00:56 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Academic Software Zurich
[2010/08/17 12:46:26 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Amazon
[2011/08/12 20:16:35 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Bytemobile
[2012/10/23 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Dropbox
[2012/07/31 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\DVDVideoSoft
[2012/07/31 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/26 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Foxit Software
[2010/12/12 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\gtk-2.0
[2011/01/09 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Local
[2010/06/12 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\OpenOffice.org
[2012/10/06 22:46:21 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Opera
[2011/10/06 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Thunderbird
[2011/08/12 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Vodafone
[2011/08/12 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Vodafone Mobile Connect
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/03/23 23:00:56 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Academic Software Zurich
[2010/06/10 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Adobe
[2010/08/17 12:46:26 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Amazon
[2011/03/21 16:41:15 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Apple Computer
[2011/03/28 23:39:26 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Avira
[2012/08/13 10:47:45 | 000,000,000 | R--D | M] -- C:\Users\Svenja\AppData\Roaming\Brother
[2011/08/12 20:16:35 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Bytemobile
[2011/01/09 23:48:19 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\DivX
[2012/10/23 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Dropbox
[2012/09/01 22:15:01 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\dvdcss
[2012/07/31 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\DVDVideoSoft
[2012/07/31 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/12 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\FLEXnet
[2012/03/26 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Foxit Software
[2010/06/10 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Google
[2010/12/12 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\gtk-2.0
[2010/06/10 23:30:03 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Identities
[2011/01/09 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Local
[2010/06/10 20:33:01 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Macromedia
[2012/10/02 14:47:10 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Malwarebytes
[2010/03/06 00:03:20 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Media Center Programs
[2011/03/04 19:34:49 | 000,000,000 | --SD | M] -- C:\Users\Svenja\AppData\Roaming\Microsoft
[2010/06/10 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Mozilla
[2010/06/12 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\OpenOffice.org
[2012/10/06 22:46:21 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Opera
[2012/10/02 18:35:54 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Skype
[2012/09/17 08:56:57 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\skypePM
[2011/10/06 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Thunderbird
[2012/09/08 13:06:25 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\vlc
[2011/08/12 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Vodafone
[2011/08/12 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\Svenja\AppData\Roaming\Vodafone Mobile Connect
 
< %APPDATA%\*.exe /s >
[2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/05/24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Svenja\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Svenja\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 07:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\drivers\iaStor.sys
[2009/11/20 07:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_a3da184953a37ce8\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< End of report >
         

24.10.2012, 13:39   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\..\SearchScopes\{DBDFC5E5-E6ED-4A2B-A093-889253A7FAD2}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=87837D07-3F70-45E9-B5DC-3701AAB357B7&apn_sauid=B4096E54-DEC7-48A4-AEDD-C981C0ED6058
FF - prefs.js..browser.startup.homepage: "http://searchsafer.com/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\ProgramData\FullRemove.exe
C:\Windows\System32\Rezip.exe
C:\Users\Svenja\Downloads\Softonic*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post logfiles in CODE tags

25.10.2012, 10:35   #23
Ainhoa

So, and here's another log:

Code:
All processes killed
========== OTL ==========
Error: Unable to stop service Rezip!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DBDFC5E5-E6ED-4A2B-A093-889253A7FAD2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBDFC5E5-E6ED-4A2B-A093-889253A7FAD2}\ not found.
Prefs.js: "hxxp://searchsafer.com/" removed from browser.startup.homepage
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\Windows\System32\Rezip.exe not found.
C:\Users\Svenja\Downloads\SoftonicDownloader76279.exe moved successfully.
C:\Users\Svenja\Downloads\SoftonicDownloader_fuer_ikea-home-planer.exe moved successfully.
C:\Users\Svenja\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Svenja\Desktop\cmd.bat deleted successfully.
C:\Users\Svenja\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 301856 bytes
->Temporary Internet Files folder emptied: 279610 bytes
->FireFox cache emptied: 6590292 bytes
 
User: Public
 
User: Svenja
->Temp folder emptied: 915470353 bytes
->Temporary Internet Files folder emptied: 75739710 bytes
->Java cache emptied: 108310 bytes
->FireFox cache emptied: 72442885 bytes
->Google Chrome cache emptied: 819568 bytes
->Apple Safari cache emptied: 7663616 bytes
->Opera cache emptied: 53828497 bytes
->Flash cache emptied: 15784 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 90112 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 311695391 bytes
RecycleBin emptied: 2156428148 bytes
 
Total Files Cleaned = 3,435.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10252012_105813

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
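
An added example, not part of the thread and not OTL's own code: a small Python triage of the fix log posted above. It classifies each result line and marks a "not found" entry as already handled when the same path was moved or deleted earlier in the same run (as with Rezip.exe here). The line patterns are assumptions inferred from this one log, and the names `triage` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the fix log in post #23 (shortened, not constructed).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Error: Unable to stop service Rezip!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBDFC5E5-E6ED-4A2B-A093-889253A7FAD2}\ not found.
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\Windows\System32\Rezip.exe not found.
C:\Users\Svenja\Downloads\SoftonicDownloader76279.exe moved successfully.
"""

# Patterns are assumptions based on the wording seen in this log only.
SECTION = re.compile(r"^=+ (.+?) =+$")
SUCCESS = re.compile(r"^(?P<target>.+?) (?:moved|deleted) successfully[.!]$")
REMOVED = re.compile(r"^Prefs\.js: (?P<target>.+?) removed from \S+$")
NOT_FOUND = re.compile(
    r"^(?:File\\Folder |Registry key |Registry value )?(?P<target>.+?) not found\.$"
)


def triage(log_text):
    """Return a list of (section, status, detail) tuples for a fix log.

    status is one of: ok, error, not_found, already_handled, info.
    """
    section = None
    handled = set()  # lower-cased targets that were moved/deleted earlier
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None:
            continue  # preamble before the first section header
        if line.startswith("Error:"):
            # Kept as an error even if a later line succeeds; a reviewer decides.
            results.append((section, "error", line[len("Error:"):].strip()))
            continue
        match = SUCCESS.match(line) or REMOVED.match(line)
        if match:
            target = match.group("target")
            handled.add(target.lower())
            results.append((section, "ok", target))
            continue
        match = NOT_FOUND.match(line)
        if match:
            target = match.group("target")
            # A path already moved in an earlier section is expected to be gone.
            status = "already_handled" if target.lower() in handled else "not_found"
            results.append((section, status, target))
            continue
        results.append((section, "info", line))
    return results


def summarize(results):
    """Count results per status."""
    return dict(Counter(status for _, status, _ in results))


if __name__ == "__main__":
    for section, status, detail in triage(SAMPLE_LOG):
        if status in ("error", "not_found"):
            print(f"[{section}] {status}: {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```
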
         

25.10.2012, 11:46   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, a check please
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users checkbox at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
__________________
Please always post logfiles in CODE tags

25.10.2012, 13:00   #25
Ainhoa

No. 1:

OTL Logfile:
Code:
OTL Extras logfile created on: 10/25/2012 1:44:43 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Svenja\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.62% Memory free
5.98 Gb Paging File | 4.66 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 55.30 Gb Free Space | 39.08% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 0.43 Gb Free Space | 22.94% Space Free | Partition Type: FAT32
 
Computer Name: AINHOA | User Name: Svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE4FB64-14D7-4693-910C-42B9D546CC64}" = rport=137 | protocol=17 | dir=out | app=system | 
"{24AB448E-EF4D-42BF-A9CB-A68703713342}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{26C90117-AD65-4C3D-937F-F1B6C7D783C4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2F09F8E8-C671-40CD-9594-02FCD1166DD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FF80DEA-2C30-47E5-88C6-6D414B0C32AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{469AC8F5-3A73-41DE-B4DD-E299330C69A8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{493E20C1-3026-4E1F-8E10-D52B1928CC0D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4A3A8FBA-F752-4A74-BA53-4EBF630D5DE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50CBE265-1B0A-45CB-8FFA-0B56D53A5F41}" = rport=139 | protocol=6 | dir=out | app=system | 
"{59627B24-7BA8-4D62-873E-E87039B08A3A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5EA00162-87DD-4542-8C36-B0EFE13D30F0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{76180859-3A4E-46E1-B850-57AE33709D9C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{808CA3F3-4649-4BCC-AB0F-0EF2244DA16B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{80C44B96-00BC-4FCF-A777-A2D4F11BC923}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{82EEDAC6-5312-43C0-ADCB-CD1926693B4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94093768-CD5B-43E5-B854-656905CA79A2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{994DC493-7C01-4FE4-8C39-D1312E5CAB71}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9D79211A-3A06-4649-B706-B3CCDBB78262}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9ED11F61-1F9B-4D84-BFBF-A62FBBEFDE9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A194B1AC-C884-4E26-B616-0773A46EEFF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A581115D-89BA-4D60-8DCF-4B50FF4097D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A98549C2-3074-4367-964E-7D93CFDC0350}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B2481417-4023-41A6-B106-2355F90BD402}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8453859-0E8D-4369-875B-418AEB33C46F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BBA6CFFD-3515-43B1-8DD0-472F959806E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C45CD376-A384-4B4B-9F5B-BC78C113EA8B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CF4AADCB-145A-4F49-8795-04940427C1E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2E656FD-8679-4B4D-A6D4-EB2F40F36827}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7114FFA-9CE2-40A3-BDE1-DAA52B052282}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DE147BE8-F275-4410-9A78-FDFDAD82C84C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA06C10D-8976-4B97-9F47-A742EB528DD3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A43D49F-83CF-46E0-83A9-D2B54EFBC5C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0FD56E1B-99D0-40FE-A47F-B3A262DEB4E3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{12E71751-92CC-4C34-BDF9-5E41A7D58AE4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13897549-DDD6-4F8A-BE13-56DC28900647}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{19B1B9B7-A918-43A5-8D73-BA6AF6F39078}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1AED6988-F109-4BEE-A030-7FBA5C8D648F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1BA43D05-57B1-47C2-B5B6-4CCA62019B58}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{24A2FEA0-757A-43DF-85B0-B9C7E18A7DEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{27312109-6373-427E-98C5-E5249E704982}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{4289C17E-224B-4869-A072-D16D7417DE51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4DF99107-CBFA-435B-A450-F329A06D27C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6028BC51-3183-4A20-8CDE-8E46C5FCA79A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{6D465291-2090-42C4-9B1D-F05B2698C43D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70C8FE5C-CB5F-4D3A-8A37-4BCA0537FB73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{77620AAE-87B2-4DA7-AD96-2A470E13D3A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FB2CFD0-21BC-431F-8B06-E9BCD10EA166}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{842DEB30-5FA2-4AEF-BDA5-D0408E340865}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A8E57E1-AAAA-49CD-807B-11B308BCCB66}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8EB54D4D-8AD3-4A16-96A0-B8FBD223A2B4}" = protocol=17 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9E029358-DE5A-44A8-B1B9-3521EA4032D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2376AF4-41F2-4F18-86BA-B80CC7A14F86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B02B15F0-2649-4640-B5F5-853B16A02BC6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B8BC6DAD-55B7-4CEB-88B3-2408C3198A33}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BAACA1BC-7E7F-45DC-9D60-C6B9B24D7C7B}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C1D9073B-5E5A-4340-84BE-1A7B4D9BC503}" = protocol=6 | dir=out | app=system | 
"{D01D8115-B033-46E5-8539-11EF02BD1709}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D81A9F5F-C3DD-454A-BF13-326360F71A6A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E2CC4B3E-8CFD-47D2-9C53-3DAF200CBBA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F3883D88-1DED-4E33-83CF-E9F72BDADFB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEA28816-1DC9-4B2F-9849-C9C88984A1D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{13AA285E-F418-4D55-A9C9-460E81C451F7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{52BCBA46-19C3-499D-B3D4-F6B4F64A08C2}C:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8F687433-111E-47FF-B4BE-ACA28610EA09}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B4FDA8A0-D22D-4FF8-880C-557080884A26}C:\program files\spssinc\paswstatistics18\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\paswstatistics18\paswstat.exe | 
"UDP Query User{0CDD69C5-4546-46D0-88A9-332C08EC3443}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{470839D3-D327-43DD-ABD2-36ED9D34CB93}C:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6B8D442D-B7DB-4E80-9956-497647CA9F33}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6FAF252D-E0A8-4894-8670-B191E94A330C}C:\program files\spssinc\paswstatistics18\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\paswstatistics18\paswstat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5200" = Canon iP5200
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.0.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
"Citavi" = Citavi 2.5
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader 5.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Google Chrome" = Google Chrome
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mobile Partner" = Mobile Partner
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.02.1578" = Opera 12.02
"PixelNet Foto Client" = PixelNet Foto Client 4.8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/5/2012 10:28:21 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4711
 
Error - 7/5/2012 10:28:22 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/5/2012 10:28:22 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5787
 
Error - 7/5/2012 10:28:22 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5787
 
Error - 7/5/2012 10:28:23 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/5/2012 10:28:23 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6895
 
Error - 7/5/2012 10:28:23 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6895
 
Error - 7/5/2012 10:28:24 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/5/2012 10:28:24 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8439
 
Error - 7/5/2012 10:28:24 AM | Computer Name = Ainhoa | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8439
 
[ Cisco AnyConnect VPN Client Events ]
Error - 6/20/2012 7:19:15 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::createSingletonInstance File: .\MainThread.cpp
Line:
 529 Invoked Function: CMainThread::CMainThread Return Code: -31522784 (0xFE1F0020)
Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:15 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 316 Invoked
 Function: CMainThread::createSingletonInstance Return Code: -31522784 (0xFE1F0020)
Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:15 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 694 Invoked Function:
 WaitForSingleObject Return Code: 6 (0x00000006) Description: Das Handle ist ungültig.


 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CTcpListenTransport::initiateListening File: .\IPC\SocketTransport.cpp
Line:
 1832 Invoked Function: bind Return Code: 10013 (0x0000271D) Description: Der Zugriff
 auf einen Socket war aufgrund der Zugriffsrechte des Sockets unzulässig.   
 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::initiateIpcListening File: .\IPC\IPCDepot.cpp Line:
 364 Invoked Function: CTcpListenTransport::initiateListening Return Code: -31522784
 (0xFE1F0020) Description: SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::startIpcDepot File: .\MainThread.cpp Line: 1097
Invoked
 Function: CIpcDepot::initiateIpcListening Return Code: -31522784 (0xFE1F0020) Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::CMainThread File: .\MainThread.cpp Line: 821 Invoked
 Function: CMainThread::startIpcDepot Return Code: -31522784 (0xFE1F0020) Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::createSingletonInstance File: .\MainThread.cpp
Line:
 529 Invoked Function: CMainThread::CMainThread Return Code: -31522784 (0xFE1F0020)
Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 316 Invoked
 Function: CMainThread::createSingletonInstance Return Code: -31522784 (0xFE1F0020)
Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 6/20/2012 7:19:20 AM | Computer Name = Ainhoa | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 694 Invoked Function:
 WaitForSingleObject Return Code: 6 (0x00000006) Description: Das Handle ist ungültig.


 
[ Media Center Events ]
Error - 8/16/2010 3:15:24 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 21:15:23 - Fehler beim Herstellen der Internetverbindung.  21:15:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/16/2010 3:15:57 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 21:15:54 - Fehler beim Herstellen der Internetverbindung.  21:15:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 12:11:17 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 18:11:16 - Fehler beim Herstellen der Internetverbindung.  18:11:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 12:11:49 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 18:11:46 - Fehler beim Herstellen der Internetverbindung.  18:11:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 1:12:40 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 19:12:40 - Fehler beim Herstellen der Internetverbindung.  19:12:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 1:13:12 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 19:13:09 - Fehler beim Herstellen der Internetverbindung.  19:13:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 3:09:47 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 21:09:47 - Fehler beim Herstellen der Internetverbindung.  21:09:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 3:10:17 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 21:10:16 - Fehler beim Herstellen der Internetverbindung.  21:10:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 7:00:12 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 01:00:12 - Fehler beim Herstellen der Internetverbindung.  01:00:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2010 7:00:44 PM | Computer Name = Ainhoa | Source = MCUpdate | ID = 0
Description = 01:00:41 - Fehler beim Herstellen der Internetverbindung.  01:00:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 10/25/2012 6:10:49 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 6:19:28 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 6:19:28 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 6:23:07 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 6:23:34 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 7:41:40 AM | Computer Name = Ainhoa | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 10/25/2012 7:41:43 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 7:41:43 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 7:46:42 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/25/2012 7:51:17 AM | Computer Name = Ainhoa | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---



No. 2

OTL Logfile:
Code:
OTL logfile created on: 10/25/2012 1:44:43 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Svenja\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.62% Memory free
5.98 Gb Paging File | 4.66 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 55.30 Gb Free Space | 39.08% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 0.43 Gb Free Space | 22.94% Space Free | Partition Type: FAT32
 
Computer Name: AINHOA | User Name: Svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Svenja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\HPSIsvc.exe (HP)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPSIService) -- C:\Windows\System32\HPSIsvc.exe (HP)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mvusbews) -- C:\Windows\System32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2339853823-2107313754-116825072-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011/08/12 20:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/22 20:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/06/10 18:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\Extensions
[2012/10/02 13:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\fqelcgji.default\extensions
[2012/07/31 14:03:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\fqelcgji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/26 08:36:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\firefox\profiles\fqelcgji.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/02 12:34:05 | 000,000,642 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\mozilla\firefox\profiles\fqelcgji.default\searchplugins\search-safer.xml
[2012/10/02 13:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/20 12:59:45 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010/06/10 18:13:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.6_0\
CHR - Extension: No name found = C:\Users\Svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2012/10/25 11:02:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-2339853823-2107313754-116825072-1001..\Run: [EPSON Stylus DX4000 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Svenja\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25E5EC99-7CB0-4BB6-8BCE-20C4774EC441}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F25D5C4-4424-4C27-87BC-F4D72E857695}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3269D983-67ED-432E-81E0-FB82FE7FD53C}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC1D0B97-808D-4314-B978-D70926A2E3CF}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBDFAB2B-910A-440B-9C10-99BB89CE3500}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16cc7e69-02eb-11e1-86a6-98b2ad46e3f0}\Shell - "" = AutoRun
O33 - MountPoints2\{16cc7e69-02eb-11e1-86a6-98b2ad46e3f0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{67670b30-f4e1-11e0-971b-c2e30368c5f6}\Shell - "" = AutoRun
O33 - MountPoints2\{67670b30-f4e1-11e0-971b-c2e30368c5f6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{71a17970-3d5a-11e1-914f-9cf8d9222817}\Shell - "" = AutoRun
O33 - MountPoints2\{71a17970-3d5a-11e1-914f-9cf8d9222817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{71a17986-3d5a-11e1-914f-9cf8d9222817}\Shell - "" = AutoRun
O33 - MountPoints2\{71a17986-3d5a-11e1-914f-9cf8d9222817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73538194-41e8-11e1-a285-a07adf532287}\Shell - "" = AutoRun
O33 - MountPoints2\{73538194-41e8-11e1-a285-a07adf532287}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{735381b8-41e8-11e1-a285-a07adf532287}\Shell - "" = AutoRun
O33 - MountPoints2\{735381b8-41e8-11e1-a285-a07adf532287}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{958a3554-c502-11e0-b9a2-c426a42505fd}\Shell - "" = AutoRun
O33 - MountPoints2\{958a3554-c502-11e0-b9a2-c426a42505fd}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9d9df0df-53f9-11df-bae8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9df0df-53f9-11df-bae8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe
O33 - MountPoints2\{ef622c49-c5e2-11e0-8f8b-da345cb110e6}\Shell - "" = AutoRun
O33 - MountPoints2\{ef622c49-c5e2-11e0-8f8b-da345cb110e6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/25 10:58:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/23 22:57:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Svenja\Desktop\OTL.exe
[2012/10/23 22:21:24 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/10/23 22:21:24 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/10/23 22:20:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012/10/08 23:34:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Svenja\Documents\OTL.exe
[2012/10/06 22:46:21 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\Opera
[2012/10/06 22:46:21 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Local\Opera
[2012/10/06 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/10/06 22:45:21 | 012,272,352 | ---- | C] (Opera Software ASA) -- C:\Users\Svenja\Desktop\Opera_1202_int_Setup.exe
[2012/10/04 22:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/02 18:39:30 | 000,000,000 | ---D | C] -- C:\Sichern
[2012/10/02 17:16:30 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\Svenja\Desktop\Firefox Setup 15.0.1.exe
[2012/10/02 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\Malwarebytes
[2012/10/02 14:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/02 14:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/02 14:47:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/10/02 14:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/02 12:51:35 | 000,000,000 | ---D | C] -- C:\Users\Svenja\eTeks
[2012/10/02 12:40:06 | 032,741,848 | ---- | C] (eTeks                                                       ) -- C:\Users\Svenja\Desktop\SweetHome3D-3.6-windows-oc.exe
[2012/10/02 12:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner
[2012/10/02 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2012/10/02 12:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/25 13:46:06 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/10/25 13:46:06 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/10/25 13:46:06 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/10/25 13:46:06 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/10/25 13:41:47 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 13:41:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/25 11:31:40 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 11:29:17 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 11:29:17 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 11:22:13 | 000,000,374 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2012/10/25 11:21:40 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/25 11:02:05 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/10/23 22:57:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Svenja\Desktop\OTL.exe
[2012/10/09 19:44:19 | 000,538,327 | ---- | M] () -- C:\Users\Svenja\Desktop\adwcleaner.exe
[2012/10/08 23:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Svenja\Documents\OTL.exe
[2012/10/06 22:46:13 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/06 22:45:45 | 012,272,352 | ---- | M] (Opera Software ASA) -- C:\Users\Svenja\Desktop\Opera_1202_int_Setup.exe
[2012/10/02 17:17:07 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\Svenja\Desktop\Firefox Setup 15.0.1.exe
[2012/10/02 14:47:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/02 14:00:24 | 000,302,592 | ---- | M] () -- C:\Users\Svenja\Desktop\qqgy4u6z.exe
[2012/10/02 13:53:44 | 000,000,120 | ---- | M] () -- C:\Users\Svenja\Desktop\redirect-to.htm
[2012/10/02 12:40:23 | 032,741,848 | ---- | M] (eTeks                                                       ) -- C:\Users\Svenja\Desktop\SweetHome3D-3.6-windows-oc.exe
[2012/10/02 12:32:40 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2012/10/02 12:32:03 | 020,488,704 | ---- | M] () -- C:\Users\Svenja\Desktop\IKEA_Home_Planner_FY10.exe
 
========== Files Created - No Company Name ==========
 
[2012/10/09 19:44:19 | 000,538,327 | ---- | C] () -- C:\Users\Svenja\Desktop\adwcleaner.exe
[2012/10/06 22:46:13 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/10/06 22:46:13 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/02 14:47:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/02 14:00:20 | 000,302,592 | ---- | C] () -- C:\Users\Svenja\Desktop\qqgy4u6z.exe
[2012/10/02 13:53:43 | 000,000,120 | ---- | C] () -- C:\Users\Svenja\Desktop\redirect-to.htm
[2012/10/02 12:32:40 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2012/10/02 12:31:55 | 020,488,704 | ---- | C] () -- C:\Users\Svenja\Desktop\IKEA_Home_Planner_FY10.exe
[2012/07/24 12:00:44 | 001,511,424 | ---- | C] () -- C:\windows\System32\HP1100SM.EXE
[2012/07/24 12:00:43 | 000,151,552 | ---- | C] () -- C:\windows\System32\HP1100LM.DLL
[2012/07/24 12:00:28 | 000,284,160 | ---- | C] () -- C:\windows\System32\mvhlewsi.dll
[2012/07/24 12:00:22 | 000,081,920 | ---- | C] () -- C:\windows\System32\mvusbews.dll
[2012/07/24 12:00:21 | 000,054,272 | ---- | C] () -- C:\windows\System32\HP1100SMs.dll
[2012/05/06 23:25:46 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/05/06 23:25:46 | 000,000,034 | ---- | C] () -- C:\windows\System32\BD5280DW.DAT
[2011/12/20 13:23:00 | 000,006,656 | ---- | C] () -- C:\Users\Svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 11:45:02 | 000,001,473 | ---- | C] () -- C:\Users\Svenja\.recently-used.xbel
[2010/06/10 18:15:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

25.10.2012, 13:15   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks good

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

29.10.2012, 15:43   #27
Ainhoa



Hmm. I just tried that. Unfortunately the screen suddenly turned blue with the message that the computer would now be shut down for protection. How should I proceed now???

Thanks!

29.10.2012, 18:01   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Try again. Besides, I also posted something else:

Quote:
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

30.10.2012, 13:21   #29
Ainhoa



So, here it is now:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-30 12:56:33
-----------------------------
12:56:33.657    OS Version: Windows 6.1.7600 
12:56:33.657    Number of processors: 4 586 0x2502
12:56:33.657    ComputerName: AINHOA  UserName: Svenja
12:56:35.187    Initialize success
12:56:49.461    AVAST engine defs: 12102900
12:56:59.539    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:56:59.539    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:56:59.554    Disk 0 MBR read successfully
12:56:59.554    Disk 0 MBR scan
12:56:59.586    Disk 0 unknown MBR code
12:56:59.601    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
12:56:59.632    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
12:56:59.648    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       144890 MB offset 31664128
12:56:59.679    Disk 0 Partition 4 00     83        Linux            144893 MB offset 328398848
12:56:59.695    Disk 0 scanning sectors +625139712
12:56:59.773    Disk 0 scanning C:\windows\system32\drivers
12:57:11.520    Service scanning
12:57:34.078    Modules scanning
12:57:45.498    Disk 0 trace - called modules:
12:57:45.529    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
12:57:45.544    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87337030]
12:57:45.544    3 CLASSPNP.SYS[8c1d459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872c5028]
12:57:45.560    Scan finished successfully
13:20:41.185    Disk 0 MBR has been saved successfully to "C:\Users\Svenja\Desktop\MBR.dat"
13:20:41.201    The log file has been saved successfully to "C:\Users\Svenja\Desktop\aswMBR.txt"
         

31.10.2012, 17:50   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion via ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
Please always post log files in CODE tags
