Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich

JerseyGirl · 21.03.2012, 23:55

Liebe Forum-Mitglieder,

seit einigen Wochen stürzt mein Windows Explorer regelmässig ab. Seit gestern ist es im Explorer und in einigen anderen Windows-Programmen (z.B. Notepad) nicht mehr möglich, zu scrollen, egal ob mit der Maus oder mit den Pfeiltasten. Außerdem kann ich seit gestern in Google Chrome keinen Rechtsklick mehr ausführen sowie einige Funktionstasten nicht mehr anklicken.

Ich habe zunächst im Chrome Support Forum nach Hilfe gesucht, jedoch brachten zwei Neuinstallationen sowie eine Profiländerung keine Abhilfe. Daher liegt evtl. der Verdacht eines Malware-Befalls nahe.

Ich habe Scans mit Ad-Adware sowie Trojan Remover durchgeführt, jedoch ohne Ergebnis.

Ich habe eure Anweisungen so gut ich konnte befolgt und hoffe, ich habe alles richtig gemacht (leider konnte ich den McAfee nicht ausschalten - falls das ein Außschlusskriterium ist, kann mir jemand vielleicht einen Tipp geben und ich scanne neu?) und hoffe nun sehr, dass mir jemand helfen kann. Vielen Dank im Voraus!

Am Ende des GMER Scans kam die Meldung
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity

Hier mein dds logfile:

.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Sandra at 23:10:38 on 2012-03-21
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3067.1866 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\PLFSetI.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\FRITZ!DSL\FwebProt.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\FRITZ!DSL\StCenter.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=156.56.250.226:3128
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Akamai NetSession Interface] "c:\users\sandra\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\sandra\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [FRITZ!protect] FwebProt.exe
StartupFolder: c:\users\sandra\appdata\roaming\micros~1\windows\startm~1\programs\startup\fritz!~1.lnk - c:\program files\fritz!dsl\FwebProt.exe
StartupFolder: c:\users\sandra\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\sandra\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\sandra\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\fritz!dsl\\sarah.dll
Trusted Zone: lht-portal.de\leos
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1A9B0331-8D93-4DF5-8555-7BAFF79C3F04} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{38D8F68E-6BAD-45C8-8E40-E000C3BBE0F7} : DhcpNameServer = 192.168.1.104 192.168.1.102
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-7 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-14 343664]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]
R2 IGDCTRL;AVM IGD CTRL Service;c:\program files\fritz!dsl\IGDCTRL.EXE [2009-7-28 73528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-10-22 21256]
R2 McAfeeFramework;McAfee Framework-Dienst;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-10-22 146448]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-10-22 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-14 70728]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-14 91672]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-28 2152152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-12 54632]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-14 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-14 65448]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-18 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-19 64032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-11 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-11 52224]
.
=============== Created Last 30 ================
.
2012-03-21 21:43:50	388096	----a-r-	c:\users\sandra\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-21 21:43:48	--------	d-----w-	c:\program files\TrendMicro
2012-03-21 21:28:29	--------	d-----w-	c:\program files\Trend Micro
2012-03-20 22:31:16	75264	----a-w-	c:\windows\system32\unacev2.dll
2012-03-20 22:31:16	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2012-03-20 22:31:09	--------	d-----w-	c:\users\sandra\appdata\roaming\Simply Super Software
2012-03-20 22:31:09	--------	d-----w-	c:\programdata\Simply Super Software
2012-03-20 22:31:09	--------	d-----w-	c:\program files\Trojan Remover
2012-03-14 08:56:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 08:56:58	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 08:39:34	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 08:39:32	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 08:39:01	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:39:01	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:39:00	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 08:38:58	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-03-14 08:38:57	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 08:38:56	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:38:55	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-11 18:05:28	--------	d-----w-	c:\program files\iPod
2012-03-11 00:19:03	--------	d-----w-	c:\users\sandra\appdata\local\DDMSettings
.
==================== Find3M  ====================
.
2012-03-11 17:52:18	47	----a-w-	c:\users\sandra\appdata\roaming\tigersetting.dll
2012-01-04 08:58:41	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 00:48:42	354176	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-30 05:27:56	478720	----a-w-	c:\windows\system32\timedate.cpl
.
============= FINISH: 23:11:08,91 ===============

--- --- ---

cosinus · 24.03.2012, 19:15

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

JerseyGirl · 25.03.2012, 21:20

Vielen Dank erstmal für die Antwort.
Hier schon mal der Malwarebytes log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: ACERCHEN [Administrator]

Schutz: Aktiviert

25.03.2012 12:44:45
mbam-log-2012-03-25 (12-44-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332762
Laufzeit: 1 Stunde(n), 44 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Den anderen Scan werde ich voraussichtlich morgen vormittag durchführen.

Viele Grüße
Sandra

cosinus · 26.03.2012, 14:16

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

JerseyGirl · 26.03.2012, 15:04

Nein, ich hab vorher noch nie mit Malwarebytes gescannt.
AUSSERDEM hat sich das Problem mit dem Scrollen und Rechtsklicken plötzlich von selber erledigt - es funktioniert jetzt wieder (schon vor dem Malwarebytes-Scan). Da mir das aber trotzdem alles sehr merkwürdig vorkommt (kann es sein dass mein Windows 7 Profil irgendwie ne Macke hat?!?), hier noch die Ergebnisse des ESET Scans:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dddee102ae0d364992a3eb16a4f26c1e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 09:20:31
# local_time=2012-03-25 11:20:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 27401954 84338394 0 0
# compatibility_mode=8192 67108863 100 0 300 300 0 0
# scanned=53464
# found=10
# cleaned=0
# scan_time=3228
C:\Documents and Settings\All Users\Anwendungsdaten\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\All Users\Application Data\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\All Users\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Sandra\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006ed	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Sandra\Downloads\registrybooster (1).exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Sandra\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Application Data\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Sandra\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006ed	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dddee102ae0d364992a3eb16a4f26c1e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-26 01:41:58
# local_time=2012-03-26 03:41:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 27454223 84390663 0 0
# compatibility_mode=8192 67108863 100 0 52569 52569 0 0
# scanned=231557
# found=18
# cleaned=0
# scan_time=9846
C:\Documents and Settings\All Users\Anwendungsdaten\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\All Users\Application Data\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\All Users\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Sandra\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Application Data\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Sandra\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Win7codecs\Tools\renderer32.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Win7codecs\Tools\renderer32.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Anwendungsdaten\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Application Data\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Win7codecs\{F939D6AB-D68C-45D4-9E94-59CE851B7C3F}\Win7codecs.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sandra\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\98b792.msi	multiple threats (unable to clean)	00000000000000000000000000000000	I

Den Registry Booster, der hier erscheint, habe ich nur mal kurz installiert und dann gleich wieder deinstalliert.
Vielen Dank für die Hilfe!

cosinus · 26.03.2012, 18:21

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

JerseyGirl · 26.03.2012, 21:16

Sorry, aber der OLT hängt sich immer auf und bringt als Fehlermeldung 'Out of memory'

cosinus · 27.03.2012, 10:20

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

JerseyGirl · 27.03.2012, 14:54

OLT txt:

Code:

ATTFilter

OTL logfile created on: 27.03.2012 15:25:48 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Sandra\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,66% Memory free
5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 54,55 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 32,32 Gb Free Space | 23,01% Space Free | Partition Type: NTFS
 
Computer Name: ACERCHEN | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sandra\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\McAfee\Common Framework\cryptocme2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 7A 76 CA EF 29 CC 01  [binary data]
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\..\SearchScopes\{2DB5DC80-E4E6-429E-8943-EE6F8E737962}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=156.56.250.226:3128
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sandra\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.11 02:17:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.18 11:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.21 18:10:45 | 000,000,000 | ---D | M]
 
[2010.08.21 01:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2010.08.21 01:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.20 19:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\73et16ye.default\extensions
[2010.05.08 00:16:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\73et16ye.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.08 00:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\7up16tcy.Test\extensions
[2010.05.08 00:16:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\7up16tcy.Test\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.21 14:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.04 20:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 18:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 22:24:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.14 21:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 20:02:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.17 23:18:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.20 20:32:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
File not found (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.04.01 23:45:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.04 20:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 18:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 22:24:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.14 21:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 20:02:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.17 23:18:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2009.10.22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Sandra\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000..\Run: [Akamai NetSession Interface] C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3096772320-3513131272-1492561160-1000\..Trusted Domains: lht-portal.de ([leos] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A9B0331-8D93-4DF5-8555-7BAFF79C3F04}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38D8F68E-6BAD-45C8-8E40-E000C3BBE0F7}: DhcpNameServer = 192.168.1.104 192.168.1.102
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 22:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes
[2012.03.24 23:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.24 23:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.24 23:45:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.24 23:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.24 01:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.24 01:18:29 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Wise Disk Cleaner
[2012.03.24 01:02:54 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
[2012.03.24 01:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
[2012.03.24 01:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012.03.24 01:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.03.24 01:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2012.03.23 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.23 00:48:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.23 00:48:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.23 00:48:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.23 00:28:39 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012.03.21 23:43:52 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.03.21 23:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012.03.21 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.03.21 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.21 00:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.21 00:31:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Simply Super Software
[2012.03.14 10:56:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.14 10:56:58 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 10:39:34 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 10:39:32 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 10:39:01 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 10:39:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 10:39:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 10:38:58 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.03.14 10:38:57 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.11 20:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.11 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.11 02:19:03 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\DDMSettings
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 15:26:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3096772320-3513131272-1492561160-1000UA.job
[2012.03.27 15:20:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 15:20:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 10:49:21 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.27 10:49:21 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.27 10:49:21 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.27 10:49:21 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.27 10:48:09 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 10:48:09 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 10:40:29 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.27 10:40:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 10:40:02 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.26 23:26:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3096772320-3513131272-1492561160-1000Core.job
[2012.03.26 23:02:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.26 23:02:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.03.24 23:45:09 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 01:02:20 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
[2012.03.24 01:01:27 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012.03.23 12:21:42 | 000,002,406 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2012.03.23 00:48:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.23 00:48:07 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.23 00:48:06 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.23 00:48:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.03.23 00:00:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.22 00:47:04 | 000,004,694 | ---- | M] () -- C:\Users\Sandra\Desktop\ATTACHGMER.zip
[2012.03.22 00:46:29 | 000,002,073 | ---- | M] () -- C:\Users\Sandra\Desktop\GMER.7z
[2012.03.22 00:03:52 | 000,000,000 | ---- | M] () -- C:\Users\Sandra\defogger_reenable
[2012.03.21 23:43:52 | 000,003,013 | ---- | M] () -- C:\Users\Sandra\Desktop\HiJackThis.lnk
[2012.03.21 13:01:31 | 000,282,913 | ---- | M] () -- C:\Users\Sandra\AppData\Local\census.cache
[2012.03.21 13:01:12 | 000,145,940 | ---- | M] () -- C:\Users\Sandra\AppData\Local\ars.cache
[2012.03.21 12:49:15 | 000,000,036 | ---- | M] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2012.03.17 19:01:57 | 000,527,649 | ---- | M] () -- C:\Users\Sandra\Documents\LH_WEBCKI.DE.STANDALONE.Z9CAtndYNmdO0GXn1XDfw4.pdf
[2012.03.14 12:40:39 | 000,410,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.11 20:06:58 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.11 19:52:59 | 000,124,036 | ---- | M] () -- C:\Users\Sandra\Documents\kl.pdf
[2012.03.11 19:52:18 | 000,000,047 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\tigersetting.dll
[2012.03.11 02:17:55 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.03.11 02:17:55 | 000,001,590 | ---- | M] () -- C:\Users\Sandra\Desktop\DivX Movies.lnk
[2012.03.11 02:17:19 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.03.06 01:49:14 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.05 15:06:00 | 000,132,479 | ---- | M] () -- C:\Users\Sandra\Documents\TRAIN TICKETS.pdf
[2012.02.29 23:19:09 | 000,092,855 | ---- | M] () -- C:\Users\Sandra\Documents\LH Ausweis.jpeg
[2012.02.27 23:30:51 | 000,063,720 | ---- | M] () -- C:\Users\Sandra\Documents\pdf.pdf
 
========== Files Created - No Company Name ==========
 
[2012.03.27 10:40:29 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.24 23:45:09 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 01:02:20 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
[2012.03.24 01:01:27 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012.03.22 00:47:04 | 000,004,694 | ---- | C] () -- C:\Users\Sandra\Desktop\ATTACHGMER.zip
[2012.03.22 00:46:29 | 000,002,073 | ---- | C] () -- C:\Users\Sandra\Desktop\GMER.7z
[2012.03.22 00:03:52 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\defogger_reenable
[2012.03.21 23:43:52 | 000,003,013 | ---- | C] () -- C:\Users\Sandra\Desktop\HiJackThis.lnk
[2012.03.21 17:59:23 | 000,002,406 | ---- | C] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2012.03.21 13:01:31 | 000,282,913 | ---- | C] () -- C:\Users\Sandra\AppData\Local\census.cache
[2012.03.21 13:01:12 | 000,145,940 | ---- | C] () -- C:\Users\Sandra\AppData\Local\ars.cache
[2012.03.21 12:49:15 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2012.03.21 01:15:39 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3096772320-3513131272-1492561160-1000UA.job
[2012.03.21 01:15:38 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3096772320-3513131272-1492561160-1000Core.job
[2012.03.17 19:01:54 | 000,527,649 | ---- | C] () -- C:\Users\Sandra\Documents\LH_WEBCKI.DE.STANDALONE.Z9CAtndYNmdO0GXn1XDfw4.pdf
[2012.03.11 20:06:58 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.11 19:52:58 | 000,124,036 | ---- | C] () -- C:\Users\Sandra\Documents\kl.pdf
[2012.03.11 02:17:19 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.03.05 15:05:59 | 000,132,479 | ---- | C] () -- C:\Users\Sandra\Documents\TRAIN TICKETS.pdf
[2012.02.29 23:19:34 | 000,092,855 | ---- | C] () -- C:\Users\Sandra\Documents\LH Ausweis.jpeg
[2012.02.27 23:30:47 | 000,063,720 | ---- | C] () -- C:\Users\Sandra\Documents\pdf.pdf
[2012.01.31 19:17:28 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\{E0C95C02-4BF6-4B5F-A619-5E6046EB07A2}
[2012.01.21 18:09:13 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\{60917CE7-5397-4324-909B-6132AEC66863}
[2012.01.20 21:35:29 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\{ECF267C7-C2AB-4263-8885-4E263688CAB8}
[2012.01.19 21:28:15 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\{D5A15E0F-9DAC-4DAF-BD91-306501B760C5}
[2011.12.12 16:39:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.11.24 14:38:27 | 000,000,280 | ---- | C] () -- C:\Windows\LilliS.ini
[2011.11.08 01:15:06 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.07.23 19:54:35 | 000,001,490 | ---- | C] () -- C:\Users\Sandra\AppData\Local\RecConfig.xml
[2011.06.21 22:27:31 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\{A4BB1B96-4935-4D44-8626-A5134FCEE6F3}
[2011.04.25 21:48:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.25 21:48:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.11 19:35:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.11 19:34:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.07.16 17:38:48 | 000,000,047 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\tigersetting.dll
[2010.06.12 23:51:34 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.06.12 23:39:34 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.12 23:39:34 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.06.12 23:39:34 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\Sandra\Documents\LH Ausweis.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

Extras.TXT:

Code:

ATTFilter

OTL Extras logfile created on: 27.03.2012 15:25:48 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Sandra\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,66% Memory free
5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 54,55 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 32,32 Gb Free Space | 23,01% Space Free | Partition Type: NTFS
 
Computer Name: ACERCHEN | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{DF71EB8A-6E59-4249-BCB8-38EC406E4353}" = CIB pdf brewer
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.6 (Build 124)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"CCleaner" = CCleaner
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"Defraggler" = Defraggler
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoConnect" = MotoConnect 1.1.31
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Blender" = PDF Blender
"PDFTiger_is1" = PDFTiger
"RarZilla Free Unrar" = RarZilla Free Unrar
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.11
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3096772320-3513131272-1492561160-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2012 14:12:38 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.03.2012 14:12:38 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5283848
 
Error - 26.03.2012 14:12:38 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5283848
 
Error - 26.03.2012 14:12:40 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.03.2012 14:12:40 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5285533
 
Error - 26.03.2012 14:12:40 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5285533
 
Error - 26.03.2012 15:39:31 | Computer Name = Acerchen | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce78ca9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c380b  ID des fehlerhaften
 Prozesses: 0x67c  Startzeit der fehlerhaften Anwendung: 0x01cd0b80ea812b99  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 67ff7202-777b-11e1-970f-00238b1c4945
 
Error - 27.03.2012 09:20:13 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.03.2012 09:20:13 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15894911
 
Error - 27.03.2012 09:20:13 | Computer Name = Acerchen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15894911
 
[ OSession Events ]
Error - 10.02.2011 16:19:06 | Computer Name = Acerchen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.03.2012 04:49:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:50:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:51:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:52:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:53:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:54:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:55:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:56:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 04:57:29 | Computer Name = Acerchen | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.03.2012 05:00:42 | Computer Name = Acerchen | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?03.?2012 um 10:43:59 unerwartet heruntergefahren.
 
 
< End of report >

JerseyGirl · 30.03.2012, 22:17

Das Google Chrome Rechtsklick und das Windows Scroll Problem sind jetzt wieder da...

cosinus · 30.03.2012, 23:13

Sry hab deinen Strang übersehen

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Sagmal gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
Gerade solche Streamingseiten sind für die aktuelle Welle der Erpresserschädlinge verantwortlich, die Windows blockieren und 50 oder 100 EUR erpressen wollen!!

JerseyGirl · 30.03.2012, 23:53

Uhm nö, ich gucke nix über irgendwelche dubiosen Portale?!? Nur youtube und myvideo, meine Musik lade ich bei Amazon runter?!

cosinus · 02.04.2012, 09:05

Ja und wozu brauchst du dann Divx? Deinstallier es bitte komplett. Mach dann wieder ein neues OTL-Log

JerseyGirl · 03.04.2012, 22:41

Sorry, war ungeduldig und hab am Wochenende mein Laptop neu installiert mit Windows 7. Trotzdem danke nochmal! Kannst den Thread dann löschen oder zumachen oder wie auch immer ihr das handhabt :-)

26.03.2012, 14:16	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

02.04.2012, 09:05	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich Ja und wozu brauchst du dann Divx? Deinstallier es bitte komplett. Mach dann wieder ein neues OTL-Log __________________ Logfiles bitte immer in CODE-Tags posten

Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich

Plagegeister aller Art und deren Bekämpfung: Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich