
Log Analysis and Evaluation: Hermes_V01

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.07.2012, 19:17   #1
beastmaster
 
Hermes_V01



Dear forum members,

I too received a letter from my bank a few days ago saying that I have the trojan "Hermes_V01" on my computer.

To my shame I must admit that my computer knowledge is abysmal.

But before bothering you with my layman's ignorance, I read the instructions and tried to follow them; accordingly, you will find the requested log files attached. I very much hope that I did everything correctly so far.

I would also like to thank the potential helpers in advance!! I would be truly, endlessly grateful if you could give me some brief guidance on how to get rid of this stupid thing as quickly as possible.

Have a nice weekend, everyone!

22.07.2012, 06:28   #2
kira
/// Helper Team
 



Hello and a warm welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - in the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) you can replace these with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports any in C:\System Volume Information, please untick those) and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread; you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

2.
If you have installed OTL incorrectly:
OTL must be saved on the desktop!
Set your browser so that it saves OTL to the desktop!
so remove it and download it again:
-> Download OTL by Oldtimer and save it on your desktop.
After installation, the log file should look something like this:
Quote:
Folder = C:\Users\***\Desktop
3.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created: OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • start -> click `Extras` (to show the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • a text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)
Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the beginning of the log file):[code]
your log file goes here - e.g. OTL log file or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards
kira

22.07.2012, 16:50   #3
beastmaster
 



Hello Kira,

thank you very much already for your reply!! I will get back to you once I have created the log files correctly.

Me again,

attached now are extras.txt and otl.txt, which I have now run as administrator and from the desktop...

Phew, that is a lot of text!

Thanks in advance for any kind of help

Kind regards

extras:

:OTL Logfile:
Code:
OTL Extras logfile created on: 22.07.2012 19:12:59 - Run 7
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 71,26% Memory free
15,89 Gb Paging File | 13,43 Gb Available in Paging File | 84,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 558,89 Gb Free Space | 85,37% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive E: | 63,67 Gb Total Space | 32,41 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0591C32F-FE4D-4D52-928B-5D33AEF548D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0BFA45AC-D94F-4723-BCAB-80C1DE3DCF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0ED2AB4F-9A07-4016-9442-C0EEF5F58B4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19F1BC3B-B897-4A8F-B8D3-64B78AD0DD3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E041922-EDEC-4D25-96FB-798768C78794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31154085-BD77-4E0F-B806-695284914F20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3B5F0A71-63B4-4E6D-8644-66AAA1C398FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3CC2D1C1-7F3F-4EB3-B5C0-9E8552E6C077}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40396513-91F7-491D-9211-EC868D7470F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D5B4452-B42B-4F64-A828-816E2B342C2E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A8689AF-490A-4A87-98E9-36968E074363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{60EF460D-4A05-4EC6-962A-C2814ED7EBD4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6A09EB51-3FB8-4F77-9FBC-532CCE802990}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82C9F906-1B9A-41CE-81C1-F4AFAEB7AFEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{962D02C4-F2A5-47DE-8A2C-B9AEB04B6038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D9D57AD-6ED2-4AE5-B6AE-3C4996FD395F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C293A6B0-CF86-42C5-8046-3B67A311ACD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA99A2E-BA52-4D71-A4D3-F843C0C8996D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD6E474F-7C87-4B21-A814-E61606CF8333}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DE73A56E-E61B-4D39-BE11-6D8B7480B9D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E669AD83-6529-4BEF-BBF6-3BDF4AC6F875}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC156D75-3C76-4213-9E90-7E9BE0C81590}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8746051-76CB-4B6B-B4BB-DACAF33F0A73}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1520DE6B-360A-460B-8094-F4C4B0594153}" = protocol=6 | dir=out | app=system | 
"{1FAC6FD4-CDBB-4AE9-BE3D-4D38906773AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E2304A-B4FC-49DE-ACD1-C8C75EB9BC2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{27157EF5-6E94-438F-9390-983AE6B561AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{369F476A-1A9E-4EA4-8D1E-0BC303CA5D68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4729FDE5-F5F5-401C-882E-41DEFFC7FAB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C03D387-820D-4963-B219-8D7154080C3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5FF2A4C3-4283-4D42-8B0B-CD2DC4754422}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7349A4EF-ED83-4E3C-8801-375CDE0F45BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{75E24883-FC5F-465B-AF87-FCE3945B93A8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{76A8719E-AE9C-4239-8A44-5ABBBBCC8858}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7C16BB99-41F7-441B-B0C2-F1CD3A0917CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E81CB71-CBE5-4975-BF46-48469FDE2CE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8428EA95-6112-4685-8027-8C4512CB042D}" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8ADA4724-1AD9-4294-B078-F9B671FCC6B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8BED7999-BA9F-4654-923E-3989EB4ADAF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{93C84A97-E333-4342-A8F1-3F9E946186C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A500F27-BC27-48D3-911C-8E74B01447C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0669848-42E3-4131-9327-0A1309997CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2338C2A-11FC-4F52-ADB2-C783F8C5BD2A}" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BB8F94A9-2D5F-40FF-90F9-20D209B119A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD9FA313-7033-47CA-A2E4-5F732D2D48EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1F10E06-E40A-4760-91B2-EE3C51A877FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D4727B8A-8B14-4F1B-BB29-BB7C92E8A863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E229D70A-3A43-4A5E-A5D4-7AF9D56743AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F518E643-F4A5-4BB9-986D-A9DB4EC15FF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F807BEFA-DC43-43EA-B9FC-A2DF536B67E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{B6E9B485-B6A0-4360-A4D6-D5377BF3DBC2}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3FD2A96C-5407-4CC2-AF13-68EE4BDDC456}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2A21DA0C-F50D-DF54-70AD-C0826158FBF2}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6502B973-9DB9-683F-2BE3-4B83F54F78FF}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3E6E2B5-DEB5-235A-4999-4D424C11788B}" = ATI Catalyst Install Manager
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{19643FA2-3DDD-1C05-A474-E4FB28638F65}" = Catalyst Control Center InstallProxy
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"Scribus 1.4.1" = Scribus 1.4.1
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2012 10:55:31 | Computer Name = Anja-PC | Source = VSS | ID = 8193
Description = 
 
Error - 29.06.2012 14:59:47 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 29.06.2012 14:59:47 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 29.06.2012 14:59:47 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 29.06.2012 20:16:14 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 10:18:01 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 01.07.2012 10:20:33 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 12:19:48 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 12:22:06 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 01.07.2012 17:32:16 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18.07.2012 09:41:48 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:41:21 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:51:04 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:54:20 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 18.07.2012 18:56:52 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:57:25 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SBSD Security Center Service erreicht.
 
Error - 18.07.2012 18:57:25 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 18.07.2012 19:10:06 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 19:56:20 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.07.2012 12:30:20 | Computer Name = Anja-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "E:" können nicht gelesen werden.
 
 
< End of report >
         
--- --- ---

[/code]

and here is the otl.txt:

:OTL Logfile:
Code:
OTL logfile created on: 22.07.2012 19:12:59 - Run 7
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 71,26% Memory free
15,89 Gb Paging File | 13,43 Gb Available in Paging File | 84,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 558,89 Gb Free Space | 85,37% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive E: | 63,67 Gb Total Space | 32,41 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Anja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9c5c9e0b5972a39696939f7009df4a08\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4621632eccd0b813535a27e737a8a03\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\..\SearchScopes\{CCB0577D-57B9-4029-B04D-276402EFB52B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=eb225a76-09eb-45a1-be64-658118ce256e&apn_sauid=7E9C68CE-3790-494C-95F9-D7CFE2A4E5A2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=eb225a76-09eb-45a1-be64-658118ce256e&apn_ptnrs=%5EABT&apn_sauid=7E9C68CE-3790-494C-95F9-D7CFE2A4E5A2&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.23 20:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2012.06.29 16:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions
[2012.06.24 01:57:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.29 16:53:50 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions\toolbar@ask.com
[2012.06.29 16:53:50 | 000,002,344 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\askcom.xml
[2012.07.04 08:40:43 | 000,002,101 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\googlede.xml
[2012.06.23 21:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 11:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 09:21:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Avira Toolbar = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F088891-61C1-4C1F-B317-41CDB74C211A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 19:12:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 18:09:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.22 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 02:49:23 | 000,000,000 | R--D | C] -- C:\Users\Anja\Dropbox
[2012.07.19 02:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.19 02:47:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.07.19 02:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Malwarebytes
[2012.07.19 02:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 01:16:49 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.18 15:37:49 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\adaware
[2012.07.18 15:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.07.18 15:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.18 15:37:28 | 000,060,536 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2012.07.18 15:37:27 | 000,057,976 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbredrv.sys
[2012.07.18 15:37:27 | 000,045,936 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2012.07.18 15:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.07.18 15:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.07.18 15:37:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Downloaded Installations
[2012.07.18 15:35:39 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Ad-Aware Antivirus
[2012.07.18 15:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.18 14:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012.07.18 14:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.07.11 23:44:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 23:44:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 23:44:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 23:44:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 23:44:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 23:44:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 23:44:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 23:44:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 23:44:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 23:44:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 23:44:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 23:44:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 23:44:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 23:25:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 23:24:59 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 23:24:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.07 19:42:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.06 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Russisch B1.1
[2012.06.30 05:37:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Soundlabs
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.29 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Avira
[2012.06.29 16:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.29 16:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.06.29 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\APN
[2012.06.29 16:53:31 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.06.29 16:53:31 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.06.29 16:53:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.27 19:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.27 19:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.06.27 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.06.27 14:01:42 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.06.27 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Anja\.thumbnails
[2012.06.27 13:05:26 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{26575724-16A5-4626-9279-AC10E5FF262B}
[2012.06.27 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{EA2BE906-17A7-469E-99AF-7680166AED53}
[2012.06.27 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{85198240-934E-4BBA-A8BF-9AF18A8ED60F}
[2012.06.27 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{CAA22CD0-7A39-4609-A050-71B0F7EFC904}
[2012.06.27 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{172D028B-6BE3-4E94-BAC2-7BAE5F0FDF41}
[2012.06.27 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{8E2921EE-B937-43CE-89AB-1083AF78A305}
[2012.06.27 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{9070F943-6114-4E2C-8A3D-BF91EB0208F5}
[2012.06.27 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{07999DE0-6363-4F57-869B-EA023287FE1E}
[2012.06.27 12:11:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{3374EBD5-CA0A-4418-BB67-096747F9AF69}
[2012.06.27 09:06:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Unikram
[2012.06.27 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\*** und Mittelstand
[2012.06.27 08:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.06.26 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012.06.26 16:06:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Conexant
[2012.06.26 14:55:36 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Anja2
[2012.06.26 14:42:07 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\download
[2012.06.26 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\eicfg_removal_utility
[2012.06.26 14:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.06.25 08:32:21 | 000,000,000 | ---D | C] -- C:\windows\Samsung
[2012.06.25 08:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ML-1630 Series
[2012.06.25 08:22:22 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml2.dll
[2012.06.25 08:22:22 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4r.dll
[2012.06.25 08:22:22 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\windows\SysWow64\ssdevm.dll
[2012.06.25 08:22:22 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\windows\SysNative\ssdevm64.dll
[2012.06.25 08:22:22 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\windows\SysWow64\ssusbpn.dll
[2012.06.25 08:22:22 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\windows\SysNative\ssusbp64.dll
[2012.06.25 08:22:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4a.dll
[2012.06.25 08:22:22 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml2r.dll
[2012.06.25 08:22:22 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml2a.dll
[2012.06.25 08:21:48 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\windows\SysNative\drivers\SSPORT.SYS
[2012.06.25 08:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.06.25 08:21:40 | 000,000,000 | ---D | C] -- C:\Temp
[2012.06.25 08:21:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.06.25 08:21:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012.06.25 08:21:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012.06.24 15:43:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.24 15:00:32 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012.06.24 15:00:19 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2012.06.24 15:00:19 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2012.06.24 15:00:17 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012.06.24 15:00:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012.06.24 15:00:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012.06.24 15:00:16 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012.06.24 15:00:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012.06.24 15:00:12 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012.06.24 15:00:12 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012.06.24 15:00:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012.06.24 15:00:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012.06.24 15:00:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012.06.24 15:00:08 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012.06.24 15:00:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012.06.24 15:00:05 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012.06.24 15:00:05 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012.06.24 15:00:00 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012.06.24 15:00:00 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012.06.24 14:59:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012.06.24 14:59:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012.06.24 14:59:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012.06.24 14:59:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.06.24 14:59:49 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.06.24 14:59:48 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.06.24 14:59:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2012.06.24 14:59:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2012.06.24 14:59:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2012.06.24 14:59:08 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2012.06.24 14:59:04 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012.06.24 14:59:00 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.06.24 14:58:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.06.24 14:58:14 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012.06.24 14:58:06 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2012.06.24 14:58:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2012.06.24 14:58:05 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012.06.24 14:58:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2012.06.24 14:57:27 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012.06.24 14:57:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012.06.24 14:57:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012.06.24 04:49:27 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Sicherung Netbook
[2012.06.24 03:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Adobe
[2012.06.24 03:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.06.24 03:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.06.24 03:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.06.24 02:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.06.24 02:03:01 | 000,000,000 | ---D | C] -- C:\Users\Anja\dwhelper
[2012.06.24 01:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.24 00:01:52 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Macromedia
[2012.06.24 00:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.24 00:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.06.24 00:01:23 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.06.24 00:01:23 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.24 00:01:22 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.06.23 23:01:57 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012.06.23 23:01:57 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012.06.23 23:01:57 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012.06.23 23:01:46 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012.06.23 23:01:46 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012.06.23 23:01:46 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012.06.23 23:00:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012.06.23 23:00:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012.06.23 22:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.06.23 21:58:18 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Skype
[2012.06.23 21:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.23 21:58:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.06.23 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.23 21:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.23 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\fontconfig
[2012.06.23 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\gegl-0.2
[2012.06.23 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\Anja\.gimp-2.8
[2012.06.23 21:08:19 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Scribus
[2012.06.23 20:57:45 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.1
[2012.06.23 20:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scribus 1.4.1
[2012.06.23 20:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.06.23 20:44:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Windows Live
[2012.06.23 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Mozilla
[2012.06.23 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Mozilla
[2012.06.23 20:44:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{93F59023-3B97-4026-B99F-B86C86DC613A}
[2012.06.23 20:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.23 20:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.23 20:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.23 20:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.06.23 20:39:13 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Youcam
[2012.06.23 20:39:11 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\CyberLink
[2012.06.23 20:39:11 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\CyberLink
[2012.06.23 20:31:47 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Macromedia
[2012.06.23 20:31:47 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Adobe
[2012.06.23 20:27:01 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client
[2012.06.23 20:27:01 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\SoftGrid Client
[2012.06.23 20:26:29 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012.06.23 20:26:29 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012.06.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.06.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.23 20:25:27 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\TP
[2012.06.23 20:22:48 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Google
[2012.06.23 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Intel Corporation
[2012.06.23 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\ATI
[2012.06.23 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\ATI
[2012.06.23 19:56:45 | 000,000,000 | R--D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.23 19:56:45 | 000,000,000 | R--D | C] -- C:\Users\Anja\Searches
[2012.06.23 19:56:45 | 000,000,000 | R--D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.23 19:56:25 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Identities
[2012.06.23 19:56:20 | 000,000,000 | R--D | C] -- C:\Users\Anja\Contacts
[2012.06.23 19:56:10 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\VirtualStore
[2012.06.23 19:55:37 | 000,000,000 | --SD | C] -- C:\Users\Anja\AppData\Roaming\Microsoft
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Videos
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Saved Games
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Pictures
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Music
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Links
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Favorites
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Downloads
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Documents
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\Desktop
[2012.06.23 19:55:37 | 000,000,000 | R--D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Vorlagen
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\AppData\Local\Verlauf
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\AppData\Local\Temporary Internet Files
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Startmenü
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\SendTo
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Recent
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Netzwerkumgebung
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Lokale Einstellungen
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Documents\Eigene Videos
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Documents\Eigene Musik
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Eigene Dateien
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Documents\Eigene Bilder
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Druckumgebung
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Cookies
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\AppData\Local\Anwendungsdaten
[2012.06.23 19:55:37 | 000,000,000 | -HSD | C] -- C:\Users\Anja\Anwendungsdaten
[2012.06.23 19:55:37 | 000,000,000 | -H-D | C] -- C:\Users\Anja\AppData
[2012.06.23 19:55:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Temp
[2012.06.23 19:55:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Microsoft
[2012.06.23 19:55:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Media Center Programs
[2012.06.23 19:55:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.23 19:55:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 19:01:50 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 19:01:50 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 19:00:54 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.22 19:00:54 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.22 19:00:54 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.22 19:00:54 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.22 19:00:54 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.22 18:54:47 | 000,261,045 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.22 18:54:21 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 18:54:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.22 18:54:01 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 18:50:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 18:43:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 18:09:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 17:55:47 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | M] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 19:21:42 | 000,093,685 | ---- | M] () -- C:\Users\Anja\Desktop\nationalismus15.png
[2012.07.20 19:20:56 | 000,104,006 | ---- | M] () -- C:\Users\Anja\Desktop\nationalismus14.png
[2012.07.20 19:20:19 | 000,097,503 | ---- | M] () -- C:\Users\Anja\Desktop\nationalismus13.png
[2012.07.20 19:19:20 | 000,087,054 | ---- | M] () -- C:\Users\Anja\Desktop\nationalismus11.png
[2012.07.20 19:17:49 | 000,098,752 | ---- | M] () -- C:\Users\Anja\Desktop\nationalismus12.png
[2012.07.20 18:40:30 | 000,329,520 | ---- | M] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 18:50:13 | 000,001,118 | ---- | M] () -- C:\Users\Anja\Desktop\Cyberlink Power2Go.lnk
[2012.07.19 17:52:02 | 3192,264,704 | ---- | M] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.19 02:49:23 | 000,001,037 | ---- | M] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.18 15:13:11 | 000,001,258 | ---- | M] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.07.18 14:56:30 | 000,002,093 | ---- | M] () -- C:\Users\Anja\Desktop\HijackThis.lnk
[2012.07.18 12:05:56 | 000,032,335 | ---- | M] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.07.17 18:50:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.07.17 18:50:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.17 18:39:04 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:25:15 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.06.30 18:08:59 | 000,029,429 | ---- | M] () -- C:\Users\Anja\Desktop\Anja Hoffmann.odt
[2012.06.30 18:08:25 | 000,105,383 | ---- | M] () -- C:\Users\Anja\Desktop\aufhebung.pdf
[2012.06.30 05:40:02 | 1972,494,926 | ---- | M] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.30 05:39:09 | 052,465,817 | ---- | M] () -- C:\Users\Anja\Documents\download.zip
[2012.06.29 20:07:18 | 000,005,213 | ---- | M] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 20:07:18 | 000,000,162 | -H-- | M] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 19:23:18 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | M] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | M] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
[2012.06.25 08:32:24 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2012.06.25 08:24:00 | 001,500,444 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.06.24 04:15:52 | 000,159,772 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012.06.24 04:15:52 | 000,159,772 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012.06.24 03:23:10 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.24 01:42:59 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.24 01:42:59 | 000,002,094 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.24 01:42:32 | 000,002,239 | ---- | M] () -- C:\Users\Anja\Desktop\OneKey Recovery.lnk
[2012.06.23 21:58:15 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.23 20:58:22 | 000,001,061 | ---- | M] () -- C:\Users\Anja\Desktop\Scribus 1.4.1.lnk
[2012.06.23 20:44:36 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.23 20:30:17 | 000,004,241 | ---- | M] () -- C:\Users\Anja\Documents\heimnetzwerk.odt
 
========== Files Created - No Company Name ==========
 
[2012.07.22 18:09:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | C] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 19:21:41 | 000,093,685 | ---- | C] () -- C:\Users\Anja\Desktop\nationalismus15.png
[2012.07.20 19:20:55 | 000,104,006 | ---- | C] () -- C:\Users\Anja\Desktop\nationalismus14.png
[2012.07.20 19:20:18 | 000,097,503 | ---- | C] () -- C:\Users\Anja\Desktop\nationalismus13.png
[2012.07.20 19:19:19 | 000,087,054 | ---- | C] () -- C:\Users\Anja\Desktop\nationalismus11.png
[2012.07.20 19:17:48 | 000,098,752 | ---- | C] () -- C:\Users\Anja\Desktop\nationalismus12.png
[2012.07.20 18:56:07 | 000,329,520 | ---- | C] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 02:49:23 | 000,001,037 | ---- | C] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.19 02:16:12 | 3192,264,704 | ---- | C] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.18 15:37:43 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.18 15:13:11 | 000,001,258 | ---- | C] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.07.18 14:56:30 | 000,002,093 | ---- | C] () -- C:\Users\Anja\Desktop\HijackThis.lnk
[2012.07.18 12:05:56 | 000,032,335 | ---- | C] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.06.30 18:08:57 | 000,029,429 | ---- | C] () -- C:\Users\Anja\Desktop\Anja Hoffmann.odt
[2012.06.30 18:08:24 | 000,105,383 | ---- | C] () -- C:\Users\Anja\Desktop\aufhebung.pdf
[2012.06.30 05:39:01 | 052,465,817 | ---- | C] () -- C:\Users\Anja\Documents\download.zip
[2012.06.30 05:38:37 | 1972,494,926 | ---- | C] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.29 20:07:18 | 000,000,162 | -H-- | C] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 20:07:16 | 000,005,213 | ---- | C] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 19:23:18 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | C] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | C] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
[2012.06.25 08:22:29 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2012.06.25 08:22:27 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012.06.24 03:23:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.24 03:23:10 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.24 00:01:26 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.24 00:01:26 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.24 00:01:23 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.06.23 21:58:15 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.23 20:58:22 | 000,001,061 | ---- | C] () -- C:\Users\Anja\Desktop\Scribus 1.4.1.lnk
[2012.06.23 20:57:50 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.06.23 20:44:36 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.23 20:44:36 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.23 20:30:13 | 000,004,241 | ---- | C] () -- C:\Users\Anja\Documents\heimnetzwerk.odt
[2012.06.23 20:26:01 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.06.23 19:56:49 | 000,001,405 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.23 19:56:46 | 000,001,439 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.23 19:55:37 | 000,002,239 | ---- | C] () -- C:\Users\Anja\Desktop\OneKey Recovery.lnk
[2012.06.23 19:55:37 | 000,001,118 | ---- | C] () -- C:\Users\Anja\Desktop\Cyberlink Power2Go.lnk
[2012.06.23 19:55:37 | 000,000,189 | ---- | C] () -- C:\Users\Anja\Desktop\Lenovo Telephony Start Now.url
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.03.06 18:33:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.03.06 18:33:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.03.06 18:33:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.03.06 18:33:31 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.03.06 18:33:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.03.06 18:23:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.03.06 18:20:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.03.06 18:11:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.03.06 18:08:49 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.03.06 18:06:01 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.03.06 18:02:38 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.06 18:02:37 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.06 18:02:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.07.19 00:36:24 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Ad-Aware Antivirus
[2012.07.22 19:11:10 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.06.23 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Scribus
[2012.07.19 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.22 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client
[2012.06.23 20:27:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,013,226 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

I urgently need to edit the entries again. Where has the "edit" button gone?
__________________

23.07.2012, 07:16   #4
kira
/// Helper team



Quote:
Quote from beastmaster
I urgently need to edit the entries again. Where has the "edit" button gone?

You have just 1 hour to edit your post!

Item 4 is still missing, please supply it.
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different places!
Please pass this warning on wherever you can!

24.07.2012, 01:11   #5
beastmaster



Hello Kira,

do I understand correctly that, without any scan, I should now send you the install.txt here?

If so, it is below.

Thanks!

Code:
7-Zip 9.20		30.06.2012		
Ad-Aware Antivirus	Lavasoft Limited	18.07.2012	36,3MB	10.2.21.3698
Ad-Aware Browsing Protection	Lavasoft	18.07.2012		0.9.0.2
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	17.07.2012	6,00MB	11.3.300.265
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	24.06.2012	121MB	10.1.3
Atheros Client Installation Program	Atheros	06.03.2012		7.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	06.03.2012		1.0.0.36
ATI Catalyst Install Manager	ATI Technologies, Inc.	06.03.2012	22,4MB	3.0.808.0
ATI Uninstaller	ATI Technologies, Inc.	06.03.2012		8.813.3.2-110324a-116588C-Lenovo
Avira Free Antivirus	Avira	29.06.2012	125MB	12.0.0.1125
Avira SearchFree Toolbar plus Web Protection	Ask.com	29.06.2012	4,67MB	1.15.4.0
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	29.06.2012		1.3.0.23930
CCleaner	Piriform	22.06.2012		3.20
Conexant HD Audio	Conexant	06.03.2012		8.54.1.0
Dropbox	Dropbox, Inc.	19.07.2012		1.4.11
Energy Management	Lenovo	06.03.2012	16,8MB	6.0.2.0
GIMP 2.8.0	The GIMP Team	23.06.2012	241MB	2.8.0
Google Chrome	Google Inc.	06.03.2012		20.0.1132.57
Google Toolbar for Internet Explorer	Google Inc.	06.03.2012		7.1.1821.1806
HijackThis 2.0.2	TrendMicro	18.07.2012		2.0.2
Intel(R) Control Center	Intel Corporation	06.03.2012		1.2.1.1007
Intel(R) Display Audio Driver	Intel Corporation	06.03.2012		6.14.00.3074
Intel(R) Management Engine Components	Intel Corporation	06.03.2012		7.0.0.1144
Intel(R) Rapid Storage Technology	Intel Corporation	06.03.2012		10.1.5.1001
Lenovo EasyCamera	Suyin Optronics Corp.	06.03.2012		5.8.56000.8
Lenovo EE Boot Optimizer	Lenovo	06.03.2012		0.0.1.6
Lenovo Games Console	Oberon Media Inc.	06.03.2012		1.2.6.436
Lenovo OneKey Recovery	CyberLink Corp.	06.03.2012		7.0.0.3212
Lenovo YouCam	CyberLink Corp.	06.03.2012	135MB	3.1.3728
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	22.07.2012	18,7MB	1.62.0.1300
McAfee Security Scan Plus	McAfee, Inc.	24.06.2012	10,2MB	3.0.207.4
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.06.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.06.2012	2,93MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	06.03.2012	6,31MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	23.06.2012		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	23.06.2012		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	25.06.2012	40,3MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	06.03.2012	1,69MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.06.2012	300KB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	27.06.2012	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	28.06.2012	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	27.06.2012	1,46MB	9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	23.06.2012	592KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.06.2012	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	06.03.2012	13,6MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	01.07.2012	16,5MB	10.0.40219
Mozilla Firefox 14.0.1 (x86 de)	Mozilla	18.07.2012	41,1MB	14.0.1
Mozilla Maintenance Service	Mozilla	18.07.2012	309KB	14.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.06.2012	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.06.2012	1,33MB	4.20.9876.0
OneKey Recovery	CyberLink Corp.	06.03.2012		7.0.0.3212
PDF24 Creator 4.6.0	PDF24.org	27.06.2012	33,8MB	
Power2Go	CyberLink Corp.	06.03.2012		5.6.0.7303
Realtek USB 2.0 Reader Driver	Realtek Semiconductor Corp.	06.03.2012		6.1.7600.10003
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	06.03.2012	1,00MB	2.0.32.0
Samsung ML-1630 Series	Samsung Electronics CO.,LTD	25.06.2012		
Scribus 1.4.1	The Scribus Team	23.06.2012		1.4.1
Skype Click to Call	Skype Technologies S.A.	17.07.2012	20,8MB	6.1.10441
Skype™ 5.10	Skype Technologies S.A.	23.06.2012	19,4MB	5.10.114
Spybot - Search & Destroy	Safer Networking Limited	18.07.2012		1.6.2
Synaptics Pointing Device Driver	Synaptics Incorporated	06.03.2012	46,4MB	15.3.0.0
UserGuide	Lenovo	06.03.2012	51,3MB	1.0.0.6
VeriFace	Lenovo	06.03.2012		4.0.0.1224
Windows Live Essentials	Microsoft Corporation	27.06.2012		15.4.3555.0308
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	06.03.2012	5,57MB	15.4.5722.2
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)	Lenovo	06.03.2012		12/02/2010 6.1.0.1
         


24.07.2012, 08:13   #6
kira
/// Helper team



System cleaning and check:

1.
Uninstall:
Code:
"Ad-Aware Free": now runs with anti-virus protection!

This can lead to a system crash!
Use only one firewall and one antivirus program, and both should always be kept up to date!

2.
Uninstall:
Quote:
Avira SearchFree Toolbar plus Web Protection Ask.com
Avira SearchFree Toolbar plus Web Protection Updater Ask.com
Info
Notes on using the freeware version Avira AntiVir Personal:
Click here to read more:
-> http://www.chip.de/news/AntiVir-Serv..._45444953.html
► Who wants this adware on their computer?!
Better without WebGuard than with adware, I think...

3.
OLD VERSION!!!:
Code:
Logfile of HijackThis 2.0.2 

The new version is available here:
so delete/uninstall HijackThis "2.0.2." and download HijackThis v2.0.4 again from here

4.
If you did not install it on purpose, since it is often installed or offered along with other programs (presumably via Adobe Reader), uninstall:
Code:
McAfee Security Scan Plus
probably ended up on the computer via Adobe (Flash Player)!

Although the developer/vendor itself has a very good reputation, this "helper principle" does not protect your PC any further, but it does impair system performance.
Always choose the custom installation, not the standard installation, because the latter often installs things you do not need or do not want.
During installation, please always read the licence terms, and do not immediately tick every box or leave pre-ticked boxes ticked, because by doing so you agree that other third-party programs, or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed along with it, since that is how freeware finances itself.


5.
Tips (regardless of whether you use Internet Explorer or not!) - check from time to time:
-> Tips for Internet Explorer
-> Change Explorer's default search engine
-> Change or select a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

6.
Clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Scan for issues"→ "Fix issues"→ "Fix all"
  • Restart your system

7.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your Desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

24.07.2012, 14:55   #7
beastmaster



Hello Kira,

I did everything as described. Attached again are the OTL.txt and extras.txt

OTL Logfile:
Code:
OTL logfile created on: 24.07.2012 15:43:55 - Run 8
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,35% Memory free
15,89 Gb Paging File | 13,65 Gb Available in Paging File | 85,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 559,95 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
PRC - [2012.07.18 09:21:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.17 18:50:23 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.06 18:33:27 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.09.25 06:00:12 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 09:21:01 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.17 18:50:23 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.29 15:06:57 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.29 15:06:52 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.29 15:06:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9c5c9e0b5972a39696939f7009df4a08\IAStorCommon.ni.dll
MOD - [2012.06.29 15:06:51 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.29 15:06:50 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4621632eccd0b813535a27e737a8a03\IAStorUtil.ni.dll
MOD - [2012.06.29 15:06:48 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.29 15:06:43 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.29 15:06:33 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.29 15:06:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.29 15:06:29 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.29 15:06:23 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.06 18:33:27 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.03.06 09:38:31 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.09.25 06:00:12 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.25 04:53:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.18 09:21:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 18:50:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.06 18:45:22 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.03.06 18:45:20 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.03.06 18:42:39 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.03.06 18:42:39 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.25 07:34:40 | 008,284,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.25 04:17:36 | 000,296,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.03.15 11:41:14 | 001,800,576 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.03.06 02:10:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\..\SearchScopes\{CCB0577D-57B9-4029-B04D-276402EFB52B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=eb225a76-09eb-45a1-be64-658118ce256e&apn_sauid=7E9C68CE-3790-494C-95F9-D7CFE2A4E5A2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.23 20:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2012.07.24 15:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions
[2012.06.24 01:57:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.29 16:53:50 | 000,002,344 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\askcom.xml
[2012.07.04 08:40:43 | 000,002,101 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\googlede.xml
[2012.06.23 21:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 11:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 09:21:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Avira Toolbar = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\
CHR - Extension: Skype Click to Call = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F088891-61C1-4C1F-B317-41CDB74C211A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 15:27:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.07.24 15:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.07.24 02:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.24 02:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.24 02:01:12 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Anja\Desktop\ccsetup320.exe
[2012.07.22 19:12:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 18:09:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.22 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 02:49:23 | 000,000,000 | R--D | C] -- C:\Users\Anja\Dropbox
[2012.07.19 02:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.19 02:47:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.07.19 02:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Malwarebytes
[2012.07.19 02:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 01:16:49 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.18 15:37:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Downloaded Installations
[2012.07.18 15:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.18 14:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.07.11 23:44:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 23:44:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 23:44:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 23:44:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 23:44:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 23:44:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 23:44:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 23:44:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 23:44:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 23:44:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 23:44:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 23:44:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 23:44:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 23:25:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 23:24:59 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 23:24:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.07 19:42:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.06 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Russisch B1.1
[2012.06.30 05:37:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Soundlabs
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.29 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Avira
[2012.06.29 16:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.29 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\APN
[2012.06.29 16:53:31 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.06.29 16:53:31 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.06.29 16:53:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.27 19:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.27 19:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.06.27 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.06.27 14:01:42 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.06.27 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Anja\.thumbnails
[2012.06.27 13:05:26 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{26575724-16A5-4626-9279-AC10E5FF262B}
[2012.06.27 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{EA2BE906-17A7-469E-99AF-7680166AED53}
[2012.06.27 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{85198240-934E-4BBA-A8BF-9AF18A8ED60F}
[2012.06.27 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{CAA22CD0-7A39-4609-A050-71B0F7EFC904}
[2012.06.27 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{172D028B-6BE3-4E94-BAC2-7BAE5F0FDF41}
[2012.06.27 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{8E2921EE-B937-43CE-89AB-1083AF78A305}
[2012.06.27 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{9070F943-6114-4E2C-8A3D-BF91EB0208F5}
[2012.06.27 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{07999DE0-6363-4F57-869B-EA023287FE1E}
[2012.06.27 12:11:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{3374EBD5-CA0A-4418-BB67-096747F9AF69}
[2012.06.27 09:06:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Unikram
[2012.06.27 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\*** und Mittelstand
[2012.06.27 08:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.06.26 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012.06.26 16:06:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Conexant
[2012.06.26 14:55:36 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Anja2
[2012.06.26 14:42:07 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\download
[2012.06.26 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\eicfg_removal_utility
[2012.06.26 14:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.06.25 08:32:21 | 000,000,000 | ---D | C] -- C:\windows\Samsung
[2012.06.25 08:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ML-1630 Series
[2012.06.25 08:22:22 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml2.dll
[2012.06.25 08:22:22 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4r.dll
[2012.06.25 08:22:22 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\windows\SysWow64\ssdevm.dll
[2012.06.25 08:22:22 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\windows\SysNative\ssdevm64.dll
[2012.06.25 08:22:22 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\windows\SysWow64\ssusbpn.dll
[2012.06.25 08:22:22 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\windows\SysNative\ssusbp64.dll
[2012.06.25 08:22:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4a.dll
[2012.06.25 08:22:22 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml2r.dll
[2012.06.25 08:22:22 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml2a.dll
[2012.06.25 08:21:48 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\windows\SysNative\drivers\SSPORT.SYS
[2012.06.25 08:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.06.25 08:21:40 | 000,000,000 | ---D | C] -- C:\Temp
[2012.06.25 08:21:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.06.25 08:21:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012.06.25 08:21:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 15:48:36 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 15:48:36 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 15:47:39 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.24 15:47:39 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.24 15:47:39 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.24 15:47:39 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.24 15:47:39 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.24 15:43:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 15:41:51 | 000,255,605 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.24 15:41:19 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.24 15:41:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.24 15:40:58 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 15:40:04 | 000,057,360 | ---- | M] () -- C:\Users\Anja\Documents\cc_20120724_153954.reg
[2012.07.24 15:27:00 | 000,002,971 | ---- | M] () -- C:\Users\Anja\Desktop\HiJackThis.lnk
[2012.07.24 15:26:24 | 001,402,880 | ---- | M] () -- C:\Users\Anja\Desktop\HiJackThis.msi
[2012.07.24 02:50:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 02:03:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 02:01:16 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Anja\Desktop\ccsetup320.exe
[2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | M] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 19:21:42 | 000,093,685 | ---- | M] () -- C:\Users\Anja\Desktop\***15.png
[2012.07.20 19:20:56 | 000,104,006 | ---- | M] () -- C:\Users\Anja\Desktop\***14.png
[2012.07.20 19:20:19 | 000,097,503 | ---- | M] () -- C:\Users\Anja\Desktop\***13.png
[2012.07.20 19:19:20 | 000,087,054 | ---- | M] () -- C:\Users\Anja\Desktop\***11.png
[2012.07.20 19:17:49 | 000,098,752 | ---- | M] () -- C:\Users\Anja\Desktop\***12.png
[2012.07.20 18:40:30 | 000,329,520 | ---- | M] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 18:50:13 | 000,001,118 | ---- | M] () -- C:\Users\Anja\Desktop\Cyberlink Power2Go.lnk
[2012.07.19 17:52:02 | 3192,264,704 | ---- | M] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.19 02:49:23 | 000,001,037 | ---- | M] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.18 15:13:11 | 000,001,258 | ---- | M] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.07.18 12:05:56 | 000,032,335 | ---- | M] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.07.17 18:50:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.07.17 18:50:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.17 18:39:04 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:25:15 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.06.30 18:08:59 | 000,029,429 | ---- | M] () -- C:\Users\Anja\Desktop\Anja ***.odt
[2012.06.30 18:08:25 | 000,105,383 | ---- | M] () -- C:\Users\Anja\Desktop\aufhebung.pdf
[2012.06.30 05:40:02 | 1972,494,926 | ---- | M] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.30 05:39:09 | 052,465,817 | ---- | M] () -- C:\Users\Anja\Documents\download.zip
[2012.06.29 20:07:18 | 000,005,213 | ---- | M] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 20:07:18 | 000,000,162 | -H-- | M] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 19:23:18 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | M] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | M] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
[2012.06.25 08:32:24 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2012.06.25 08:24:00 | 001,500,444 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2012.07.24 15:39:57 | 000,057,360 | ---- | C] () -- C:\Users\Anja\Documents\cc_20120724_153954.reg
[2012.07.24 15:27:00 | 000,002,971 | ---- | C] () -- C:\Users\Anja\Desktop\HiJackThis.lnk
[2012.07.24 15:26:23 | 001,402,880 | ---- | C] () -- C:\Users\Anja\Desktop\HiJackThis.msi
[2012.07.24 02:03:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.22 18:09:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | C] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 19:21:41 | 000,093,685 | ---- | C] () -- C:\Users\Anja\Desktop\***15.png
[2012.07.20 19:20:55 | 000,104,006 | ---- | C] () -- C:\Users\Anja\Desktop\***14.png
[2012.07.20 19:20:18 | 000,097,503 | ---- | C] () -- C:\Users\Anja\Desktop\***13.png
[2012.07.20 19:19:19 | 000,087,054 | ---- | C] () -- C:\Users\Anja\Desktop\***11.png
[2012.07.20 19:17:48 | 000,098,752 | ---- | C] () -- C:\Users\Anja\Desktop\***12.png
[2012.07.20 18:56:07 | 000,329,520 | ---- | C] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 02:49:23 | 000,001,037 | ---- | C] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.19 02:16:12 | 3192,264,704 | ---- | C] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.18 15:13:11 | 000,001,258 | ---- | C] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.07.18 12:05:56 | 000,032,335 | ---- | C] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.06.30 18:08:57 | 000,029,429 | ---- | C] () -- C:\Users\Anja\Desktop\Anja ***.odt
[2012.06.30 18:08:24 | 000,105,383 | ---- | C] () -- C:\Users\Anja\Desktop\aufhebung.pdf
[2012.06.30 05:39:01 | 052,465,817 | ---- | C] () -- C:\Users\Anja\Documents\download.zip
[2012.06.30 05:38:37 | 1972,494,926 | ---- | C] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.29 20:07:18 | 000,000,162 | -H-- | C] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 20:07:16 | 000,005,213 | ---- | C] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 19:23:18 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | C] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | C] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
[2012.06.25 08:22:29 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2012.06.25 08:22:27 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012.06.23 20:26:01 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.03.06 18:33:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.03.06 18:33:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.03.06 18:33:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.03.06 18:33:31 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.03.06 18:33:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.03.06 18:23:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.03.06 18:20:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.03.06 18:11:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.03.06 18:08:49 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.03.06 18:06:01 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.03.06 18:02:38 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.06 18:02:37 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.06 18:02:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.07.24 15:42:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.06.23 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Scribus
[2012.07.19 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.22 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client
[2012.06.23 20:27:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,013,982 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


and

:OTL Logfile:
Code:
OTL Extras logfile created on: 24.07.2012 15:43:55 - Run 8
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,35% Memory free
15,89 Gb Paging File | 13,65 Gb Available in Paging File | 85,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 559,95 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0591C32F-FE4D-4D52-928B-5D33AEF548D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0BFA45AC-D94F-4723-BCAB-80C1DE3DCF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0ED2AB4F-9A07-4016-9442-C0EEF5F58B4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19F1BC3B-B897-4A8F-B8D3-64B78AD0DD3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E041922-EDEC-4D25-96FB-798768C78794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31154085-BD77-4E0F-B806-695284914F20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3B5F0A71-63B4-4E6D-8644-66AAA1C398FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3CC2D1C1-7F3F-4EB3-B5C0-9E8552E6C077}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40396513-91F7-491D-9211-EC868D7470F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D5B4452-B42B-4F64-A828-816E2B342C2E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A8689AF-490A-4A87-98E9-36968E074363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{60EF460D-4A05-4EC6-962A-C2814ED7EBD4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6A09EB51-3FB8-4F77-9FBC-532CCE802990}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82C9F906-1B9A-41CE-81C1-F4AFAEB7AFEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{962D02C4-F2A5-47DE-8A2C-B9AEB04B6038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D9D57AD-6ED2-4AE5-B6AE-3C4996FD395F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C293A6B0-CF86-42C5-8046-3B67A311ACD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA99A2E-BA52-4D71-A4D3-F843C0C8996D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD6E474F-7C87-4B21-A814-E61606CF8333}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DE73A56E-E61B-4D39-BE11-6D8B7480B9D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E669AD83-6529-4BEF-BBF6-3BDF4AC6F875}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC156D75-3C76-4213-9E90-7E9BE0C81590}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8746051-76CB-4B6B-B4BB-DACAF33F0A73}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1520DE6B-360A-460B-8094-F4C4B0594153}" = protocol=6 | dir=out | app=system | 
"{1FAC6FD4-CDBB-4AE9-BE3D-4D38906773AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E2304A-B4FC-49DE-ACD1-C8C75EB9BC2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{27157EF5-6E94-438F-9390-983AE6B561AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{369F476A-1A9E-4EA4-8D1E-0BC303CA5D68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4729FDE5-F5F5-401C-882E-41DEFFC7FAB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C03D387-820D-4963-B219-8D7154080C3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5FF2A4C3-4283-4D42-8B0B-CD2DC4754422}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7349A4EF-ED83-4E3C-8801-375CDE0F45BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7C16BB99-41F7-441B-B0C2-F1CD3A0917CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E81CB71-CBE5-4975-BF46-48469FDE2CE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8428EA95-6112-4685-8027-8C4512CB042D}" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8ADA4724-1AD9-4294-B078-F9B671FCC6B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8BED7999-BA9F-4654-923E-3989EB4ADAF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{93C84A97-E333-4342-A8F1-3F9E946186C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A500F27-BC27-48D3-911C-8E74B01447C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0669848-42E3-4131-9327-0A1309997CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2338C2A-11FC-4F52-ADB2-C783F8C5BD2A}" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BB8F94A9-2D5F-40FF-90F9-20D209B119A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD9FA313-7033-47CA-A2E4-5F732D2D48EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1F10E06-E40A-4760-91B2-EE3C51A877FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D4727B8A-8B14-4F1B-BB29-BB7C92E8A863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E229D70A-3A43-4A5E-A5D4-7AF9D56743AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F518E643-F4A5-4BB9-986D-A9DB4EC15FF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F807BEFA-DC43-43EA-B9FC-A2DF536B67E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{B6E9B485-B6A0-4360-A4D6-D5377BF3DBC2}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3FD2A96C-5407-4CC2-AF13-68EE4BDDC456}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2A21DA0C-F50D-DF54-70AD-C0826158FBF2}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6502B973-9DB9-683F-2BE3-4B83F54F78FF}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3E6E2B5-DEB5-235A-4999-4D424C11788B}" = ATI Catalyst Install Manager
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{19643FA2-3DDD-1C05-A474-E4FB28638F65}" = Catalyst Control Center InstallProxy
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"Scribus 1.4.1" = Scribus 1.4.1
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2012 12:19:48 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 12:22:06 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 01.07.2012 17:32:16 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 18:46:22 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 02.07.2012 06:29:00 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 11:09:07 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 02.07.2012 16:38:04 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 16:46:37 | Computer Name = Anja-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 02.07.2012 20:36:22 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.07.2012 02:14:29 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18.07.2012 09:41:48 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:41:21 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:51:04 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:54:20 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 18.07.2012 18:56:52 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 18:57:25 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SBSD Security Center Service erreicht.
 
Error - 18.07.2012 18:57:25 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 18.07.2012 19:10:06 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.07.2012 19:56:20 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.07.2012 12:30:20 | Computer Name = Anja-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "E:" können nicht gelesen werden.
 
 
< End of report >
         
--- --- ---

Old 25.07.2012, 07:07   #8
kira
/// Helper Team

Hermes_V01


System cleanup and check:

1.
Quote:
Spybot
- I would no longer recommend it; it no longer offers sufficient protection against "modern types of malware"...
► If you want to keep it anyway:
Please turn off the TeaTimer:
In Spybot-S&D, switch to Advanced Mode (Erweiterter Modus) and select Tools (Werkzeuge) -> Resident there.
Untick "Resident TeaTimer aktiv" (Resident TeaTimer active) here.
(Tea Timer also tries to block beneficial changes) - it should stay disabled permanently!

2.
Quote:
Attention, important!:
If you changed anything in the logfile yourself, you must replace it with the original names and insert it into the script that way! Otherwise it will not work!
(user folder, your name or anything else replaced with X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator" ("Als Administrator ausführen").
  • Copy the following script, that is, everything in the code box after "Code" (beginning with :OTL and ending with [emptytemp]); everything that is in the code box (without "code"!):
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\..\SearchScopes\{CCB0577D-57B9-4029-B04D-276402EFB52B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=eb225a76-09eb-45a1-be64-658118ce256e&apn_sauid=7E9C68CE-3790-494C-95F9-D7CFE2A4E5A2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2012.06.29 16:53:50 | 000,002,344 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\askcom.xml
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012.07.24 15:43:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.24 15:41:19 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requests a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

3.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - You can also switch off the AUTORUN function entirely. ►Instructions

4.
-> Then run a complete system check with Eset Online Scanner (NOD32), Free Online Scanners
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

5.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
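The fix run in step 2 writes a result log with one line per script entry; the sketch below, an added example that is not part of the thread or of OTL, tallies those results and separates "not found" lines whose target was already moved or deleted earlier in the same run from targets that were never there. The line patterns are inferred only from the result lines posted in this thread, the names `parse_result` and `triage` are hypothetical, and treating the `64bit-` prefix as a separate registry view is an assumption.

```python
import re
from collections import Counter

# Short excerpt assembled for this example from result lines of the kind
# posted in this thread; banners and unrelated lines are left in as noise.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
"""

# Patterns inferred from the lines visible in this thread, not from OTL
# documentation:
#   <target>| ... : value set successfully!
#   <target> deleted successfully.  /  <target> moved successfully.
#   <target> not found.             /  <target> not found!
RESULT = re.compile(
    r"^(?P<x64>64bit-)?(?:(?:Registry (?:key|value)|File) )?(?P<target>.+?)"
    r"(?:\|.*?: value (?P<set>set) successfully!"
    r"| (?P<verb>deleted|moved) successfully\."
    r"| (?P<nf>not found)[.!])$"
)


def parse_result(line):
    """Return (status, key) for a result line, or None for any other line."""
    m = RESULT.match(line.strip())
    if m is None:
        return None
    status = "set" if m["set"] else (m["verb"] or "not_found")
    # Assumption: the "64bit-" prefix marks a separate registry view, so it
    # stays part of the key. Windows paths and key names are case-insensitive.
    key = (bool(m["x64"]), m["target"].rstrip("\\").lower())
    return status, key


def triage(log_text):
    """Tally results; list targets reported 'not found' that no earlier
    line in the same run had already set, deleted or moved."""
    handled = set()
    summary = Counter()
    absent = []
    for line in log_text.splitlines():
        parsed = parse_result(line)
        if parsed is None:
            continue
        status, key = parsed
        if status != "not_found":
            handled.add(key)
            summary[status] += 1
        elif key in handled:
            # The script listed the same target twice; the first entry won.
            summary["not_found_already_handled"] += 1
        else:
            summary["not_found_absent"] += 1
            absent.append(key)
    return summary, absent


if __name__ == "__main__":
    summary, absent = triage(SAMPLE_LOG)
    for status, count in sorted(summary.items()):
        print(f"{status:28} {count}")
    for x64, target in absent:
        print("never present:", ("64bit " if x64 else "") + target)
```

Targets in the `absent` list are the ones worth a second look in the follow-up scan, since nothing in the run accounts for their absence.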

25.07.2012, 17:39   #9
beastmaster

Hello Kira,

okay, everything has been carried out. I hope I did it all correctly.

The log files are attached:

:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCB0577D-57B9-4029-B04D-276402EFB52B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB0577D-57B9-4029-B04D-276402EFB52B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
C:\ProgramData\Partner\Partner64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Anja\Desktop\cmd.bat deleted successfully.
C:\Users\Anja\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anja
->Temp folder emptied: 1872400 bytes
->Temporary Internet Files folder emptied: 3896669 bytes
->FireFox cache emptied: 486527797 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3901 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25671172 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 49013 bytes
 
Total Files Cleaned = 494,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07252012_092537

Files\Folders moved on Reboot...
C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.07.2012 18:28:09 - Run 9
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,34% Memory free
15,89 Gb Paging File | 13,38 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 558,18 Gb Free Space | 85,26% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive E: | 63,67 Gb Total Space | 32,41 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0591C32F-FE4D-4D52-928B-5D33AEF548D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0BFA45AC-D94F-4723-BCAB-80C1DE3DCF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0ED2AB4F-9A07-4016-9442-C0EEF5F58B4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19F1BC3B-B897-4A8F-B8D3-64B78AD0DD3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E041922-EDEC-4D25-96FB-798768C78794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31154085-BD77-4E0F-B806-695284914F20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3B5F0A71-63B4-4E6D-8644-66AAA1C398FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3CC2D1C1-7F3F-4EB3-B5C0-9E8552E6C077}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40396513-91F7-491D-9211-EC868D7470F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D5B4452-B42B-4F64-A828-816E2B342C2E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A8689AF-490A-4A87-98E9-36968E074363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{60EF460D-4A05-4EC6-962A-C2814ED7EBD4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6A09EB51-3FB8-4F77-9FBC-532CCE802990}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82C9F906-1B9A-41CE-81C1-F4AFAEB7AFEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{962D02C4-F2A5-47DE-8A2C-B9AEB04B6038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D9D57AD-6ED2-4AE5-B6AE-3C4996FD395F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C293A6B0-CF86-42C5-8046-3B67A311ACD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA99A2E-BA52-4D71-A4D3-F843C0C8996D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD6E474F-7C87-4B21-A814-E61606CF8333}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DE73A56E-E61B-4D39-BE11-6D8B7480B9D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E669AD83-6529-4BEF-BBF6-3BDF4AC6F875}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC156D75-3C76-4213-9E90-7E9BE0C81590}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8746051-76CB-4B6B-B4BB-DACAF33F0A73}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1520DE6B-360A-460B-8094-F4C4B0594153}" = protocol=6 | dir=out | app=system | 
"{1FAC6FD4-CDBB-4AE9-BE3D-4D38906773AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E2304A-B4FC-49DE-ACD1-C8C75EB9BC2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{27157EF5-6E94-438F-9390-983AE6B561AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{369F476A-1A9E-4EA4-8D1E-0BC303CA5D68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4729FDE5-F5F5-401C-882E-41DEFFC7FAB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C03D387-820D-4963-B219-8D7154080C3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5FF2A4C3-4283-4D42-8B0B-CD2DC4754422}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7349A4EF-ED83-4E3C-8801-375CDE0F45BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7C16BB99-41F7-441B-B0C2-F1CD3A0917CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E81CB71-CBE5-4975-BF46-48469FDE2CE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8428EA95-6112-4685-8027-8C4512CB042D}" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8ADA4724-1AD9-4294-B078-F9B671FCC6B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8BED7999-BA9F-4654-923E-3989EB4ADAF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{93C84A97-E333-4342-A8F1-3F9E946186C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A500F27-BC27-48D3-911C-8E74B01447C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0669848-42E3-4131-9327-0A1309997CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2338C2A-11FC-4F52-ADB2-C783F8C5BD2A}" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BB8F94A9-2D5F-40FF-90F9-20D209B119A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD9FA313-7033-47CA-A2E4-5F732D2D48EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1F10E06-E40A-4760-91B2-EE3C51A877FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D4727B8A-8B14-4F1B-BB29-BB7C92E8A863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E229D70A-3A43-4A5E-A5D4-7AF9D56743AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F518E643-F4A5-4BB9-986D-A9DB4EC15FF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F807BEFA-DC43-43EA-B9FC-A2DF536B67E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{B6E9B485-B6A0-4360-A4D6-D5377BF3DBC2}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3FD2A96C-5407-4CC2-AF13-68EE4BDDC456}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2A21DA0C-F50D-DF54-70AD-C0826158FBF2}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6502B973-9DB9-683F-2BE3-4B83F54F78FF}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3E6E2B5-DEB5-235A-4999-4D424C11788B}" = ATI Catalyst Install Manager
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{19643FA2-3DDD-1C05-A474-E4FB28638F65}" = Catalyst Control Center InstallProxy
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"Scribus 1.4.1" = Scribus 1.4.1
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 16:46:37 | Computer Name = Anja-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 02.07.2012 20:36:22 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.07.2012 02:14:29 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.07.2012 21:50:23 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 09.07.2012 16:16:11 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.07.2012 12:59:10 | Computer Name = Anja-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
[ System Events ]
Error - 20.07.2012 12:44:38 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 20.07.2012 12:44:39 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:40 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:40 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:41 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:42 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:55:07 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.07.2012 12:54:15 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.07.2012 15:35:22 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.07.2012 09:10:44 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---


:OTL Logfile:
Code:
OTL logfile created on: 25.07.2012 18:28:09 - Run 9
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,34% Memory free
15,89 Gb Paging File | 13,38 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 558,18 Gb Free Space | 85,26% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive E: | 63,67 Gb Total Space | 32,41 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
PRC - [2012.07.18 09:21:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.17 18:50:23 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.06 18:33:27 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2009.09.25 06:00:12 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 09:21:01 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.17 18:50:23 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.29 15:06:52 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.29 15:06:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9c5c9e0b5972a39696939f7009df4a08\IAStorCommon.ni.dll
MOD - [2012.06.29 15:06:51 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.29 15:06:50 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4621632eccd0b813535a27e737a8a03\IAStorUtil.ni.dll
MOD - [2012.06.29 15:06:48 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.29 15:06:43 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.29 15:06:33 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.29 15:06:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.29 15:06:29 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.29 15:06:23 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.06 18:33:27 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.03.06 09:38:31 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.09.25 06:00:12 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.25 04:53:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.18 09:21:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 18:50:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.06 18:45:22 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.03.06 18:45:20 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.03.06 18:42:39 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.03.06 18:42:39 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.25 07:34:40 | 008,284,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.25 04:17:36 | 000,296,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.03.15 11:41:14 | 001,800,576 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.03.06 02:10:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.23 20:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2012.07.24 15:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions
[2012.06.24 01:57:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.04 08:40:43 | 000,002,101 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\googlede.xml
[2012.06.23 21:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 11:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 09:21:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Avira Toolbar = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\
CHR - Extension: Skype Click to Call = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F088891-61C1-4C1F-B317-41CDB74C211A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 09:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.25 09:25:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.24 15:27:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.07.24 15:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.07.24 02:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.24 02:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.24 02:01:12 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Anja\Documents\ccsetup320.exe
[2012.07.22 19:12:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 18:09:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.22 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 02:49:23 | 000,000,000 | R--D | C] -- C:\Users\Anja\Dropbox
[2012.07.19 02:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.19 02:47:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.07.19 02:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Malwarebytes
[2012.07.19 02:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 01:16:49 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.18 15:37:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Downloaded Installations
[2012.07.18 15:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.18 14:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.07.11 23:44:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 23:44:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 23:44:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 23:44:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 23:44:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 23:44:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 23:44:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 23:44:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 23:44:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 23:44:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 23:44:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 23:44:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 23:44:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 23:25:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 23:24:59 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 23:24:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.07 19:42:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.06 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Russisch B1.1
[2012.06.30 05:37:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Soundlabs
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.29 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Avira
[2012.06.29 16:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.29 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\APN
[2012.06.29 16:53:31 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.06.29 16:53:31 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.06.29 16:53:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.27 19:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.27 19:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.06.27 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\OpenOffice.org 3.4 (de) Installation Files
[2012.06.27 14:01:42 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.06.27 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Anja\.thumbnails
[2012.06.27 13:05:26 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{26575724-16A5-4626-9279-AC10E5FF262B}
[2012.06.27 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{EA2BE906-17A7-469E-99AF-7680166AED53}
[2012.06.27 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{85198240-934E-4BBA-A8BF-9AF18A8ED60F}
[2012.06.27 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{CAA22CD0-7A39-4609-A050-71B0F7EFC904}
[2012.06.27 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{172D028B-6BE3-4E94-BAC2-7BAE5F0FDF41}
[2012.06.27 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{8E2921EE-B937-43CE-89AB-1083AF78A305}
[2012.06.27 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{9070F943-6114-4E2C-8A3D-BF91EB0208F5}
[2012.06.27 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{07999DE0-6363-4F57-869B-EA023287FE1E}
[2012.06.27 12:11:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{3374EBD5-CA0A-4418-BB67-096747F9AF69}
[2012.06.27 09:06:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Unikram
[2012.06.27 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\*** und Mittelstand
[2012.06.27 08:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.06.26 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012.06.26 16:06:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Conexant
[2012.06.26 14:55:36 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Anja2
[2012.06.26 14:42:07 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\download
[2012.06.26 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\eicfg_removal_utility
[2012.06.26 14:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 18:27:13 | 000,002,239 | ---- | M] () -- C:\Users\Anja\Desktop\OneKey Recovery.lnk
[2012.07.25 17:54:25 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.25 17:54:25 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.25 17:54:25 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.25 17:54:25 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.25 17:54:25 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.25 17:51:32 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 17:51:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.25 15:01:59 | 000,040,689 | ---- | M] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.07.25 09:35:24 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 09:35:24 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 09:29:12 | 000,415,851 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.25 09:27:48 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 17:50:07 | 000,001,138 | ---- | M] () -- C:\Users\Anja\Desktop\Dokumente - Verknüpfung.lnk
[2012.07.24 17:47:57 | 000,002,985 | ---- | M] () -- C:\Users\Anja\Desktop\HA Kartozia - Verknüpfung.lnk
[2012.07.24 17:47:39 | 000,003,012 | ---- | M] () -- C:\Users\Anja\Desktop\Masterarbeit - Verknüpfung.lnk
[2012.07.24 15:40:04 | 000,057,360 | ---- | M] () -- C:\Users\Anja\Documents\cc_20120724_153954.reg
[2012.07.24 15:27:00 | 000,002,971 | ---- | M] () -- C:\Users\Anja\Desktop\HiJackThis.lnk
[2012.07.24 15:26:24 | 001,402,880 | ---- | M] () -- C:\Users\Anja\Documents\HiJackThis.msi
[2012.07.24 02:03:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 02:01:16 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Anja\Documents\ccsetup320.exe
[2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | M] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 18:40:30 | 000,329,520 | ---- | M] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 18:50:13 | 000,001,118 | ---- | M] () -- C:\Users\Anja\Desktop\Cyberlink Power2Go.lnk
[2012.07.19 17:52:02 | 3192,264,704 | ---- | M] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.19 02:49:23 | 000,001,037 | ---- | M] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.18 15:13:11 | 000,001,258 | ---- | M] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.07.17 18:50:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.07.17 18:50:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.17 18:39:04 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:25:15 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.06.30 18:08:25 | 000,105,383 | ---- | M] () -- C:\Users\Anja\Documents\aufhebung.pdf
[2012.06.30 05:40:02 | 1972,494,926 | ---- | M] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.30 05:39:09 | 052,465,817 | ---- | M] () -- C:\Users\Anja\Documents\download.zip
[2012.06.29 20:07:18 | 000,005,213 | ---- | M] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 20:07:18 | 000,000,162 | -H-- | M] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | M] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | M] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.25 15:01:59 | 000,040,689 | ---- | C] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.07.24 17:50:07 | 000,001,138 | ---- | C] () -- C:\Users\Anja\Desktop\Dokumente - Verknüpfung.lnk
[2012.07.24 17:47:57 | 000,002,985 | ---- | C] () -- C:\Users\Anja\Desktop\HA Kartozia - Verknüpfung.lnk
[2012.07.24 17:47:39 | 000,003,012 | ---- | C] () -- C:\Users\Anja\Desktop\Masterarbeit - Verknüpfung.lnk
[2012.07.24 15:39:57 | 000,057,360 | ---- | C] () -- C:\Users\Anja\Documents\cc_20120724_153954.reg
[2012.07.24 15:27:00 | 000,002,971 | ---- | C] () -- C:\Users\Anja\Desktop\HiJackThis.lnk
[2012.07.24 15:26:23 | 001,402,880 | ---- | C] () -- C:\Users\Anja\Documents\HiJackThis.msi
[2012.07.24 02:03:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.22 18:09:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | C] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 18:56:07 | 000,329,520 | ---- | C] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 02:49:23 | 000,001,037 | ---- | C] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.19 02:16:12 | 3192,264,704 | ---- | C] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.18 15:13:11 | 000,001,258 | ---- | C] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.06.30 18:08:24 | 000,105,383 | ---- | C] () -- C:\Users\Anja\Documents\aufhebung.pdf
[2012.06.30 05:39:01 | 052,465,817 | ---- | C] () -- C:\Users\Anja\Documents\download.zip
[2012.06.30 05:38:37 | 1972,494,926 | ---- | C] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.29 20:07:18 | 000,000,162 | -H-- | C] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 20:07:16 | 000,005,213 | ---- | C] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | C] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | C] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
[2012.06.25 08:22:27 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012.06.23 20:26:01 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.03.06 18:33:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.03.06 18:33:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.03.06 18:33:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.03.06 18:33:31 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.03.06 18:33:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.03.06 18:23:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.03.06 18:20:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.03.06 18:11:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.03.06 18:08:49 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.03.06 18:06:01 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.03.06 18:02:38 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.06 18:02:37 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.06 18:02:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.07.25 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.06.23 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Scribus
[2012.07.19 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.25 02:54:49 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client
[2012.06.23 20:27:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,014,486 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


About my laptop: it actually works flawlessly, but only as far as I can judge. But I think that, thanks to your help, everything is fine again now (at least I hope so).

In any case, let me thank you once more, and very warmly, for your help! Without your support this would have turned out pretty badly.

So, thanks

25.07.2012, 17:42   #10
beastmaster
 


Hello Kira,

okay, everything has been carried out. I hope I did it all correctly.

Attached are the log files:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCB0577D-57B9-4029-B04D-276402EFB52B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB0577D-57B9-4029-B04D-276402EFB52B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
C:\ProgramData\Partner\Partner64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Anja\Desktop\cmd.bat deleted successfully.
C:\Users\Anja\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anja
->Temp folder emptied: 1872400 bytes
->Temporary Internet Files folder emptied: 3896669 bytes
->FireFox cache emptied: 486527797 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3901 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25671172 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 49013 bytes
 
Total Files Cleaned = 494,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07252012_092537

Files\Folders moved on Reboot...
C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
:OTL Logfile:
Code:
OTL Extras logfile created on: 25.07.2012 18:28:09 - Run 9
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,34% Memory free
15,89 Gb Paging File | 13,38 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 558,18 Gb Free Space | 85,26% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive E: | 63,67 Gb Total Space | 32,41 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0591C32F-FE4D-4D52-928B-5D33AEF548D6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0BFA45AC-D94F-4723-BCAB-80C1DE3DCF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0ED2AB4F-9A07-4016-9442-C0EEF5F58B4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{19F1BC3B-B897-4A8F-B8D3-64B78AD0DD3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E041922-EDEC-4D25-96FB-798768C78794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31154085-BD77-4E0F-B806-695284914F20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3B5F0A71-63B4-4E6D-8644-66AAA1C398FB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3CC2D1C1-7F3F-4EB3-B5C0-9E8552E6C077}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40396513-91F7-491D-9211-EC868D7470F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D5B4452-B42B-4F64-A828-816E2B342C2E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A8689AF-490A-4A87-98E9-36968E074363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{60EF460D-4A05-4EC6-962A-C2814ED7EBD4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6A09EB51-3FB8-4F77-9FBC-532CCE802990}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82C9F906-1B9A-41CE-81C1-F4AFAEB7AFEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{962D02C4-F2A5-47DE-8A2C-B9AEB04B6038}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D9D57AD-6ED2-4AE5-B6AE-3C4996FD395F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C293A6B0-CF86-42C5-8046-3B67A311ACD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA99A2E-BA52-4D71-A4D3-F843C0C8996D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD6E474F-7C87-4B21-A814-E61606CF8333}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DE73A56E-E61B-4D39-BE11-6D8B7480B9D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E669AD83-6529-4BEF-BBF6-3BDF4AC6F875}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC156D75-3C76-4213-9E90-7E9BE0C81590}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8746051-76CB-4B6B-B4BB-DACAF33F0A73}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1520DE6B-360A-460B-8094-F4C4B0594153}" = protocol=6 | dir=out | app=system | 
"{1FAC6FD4-CDBB-4AE9-BE3D-4D38906773AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20E2304A-B4FC-49DE-ACD1-C8C75EB9BC2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{27157EF5-6E94-438F-9390-983AE6B561AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{369F476A-1A9E-4EA4-8D1E-0BC303CA5D68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4729FDE5-F5F5-401C-882E-41DEFFC7FAB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C03D387-820D-4963-B219-8D7154080C3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5FF2A4C3-4283-4D42-8B0B-CD2DC4754422}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7349A4EF-ED83-4E3C-8801-375CDE0F45BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7C16BB99-41F7-441B-B0C2-F1CD3A0917CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E81CB71-CBE5-4975-BF46-48469FDE2CE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8428EA95-6112-4685-8027-8C4512CB042D}" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8ADA4724-1AD9-4294-B078-F9B671FCC6B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8BED7999-BA9F-4654-923E-3989EB4ADAF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{93C84A97-E333-4342-A8F1-3F9E946186C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A500F27-BC27-48D3-911C-8E74B01447C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0669848-42E3-4131-9327-0A1309997CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2338C2A-11FC-4F52-ADB2-C783F8C5BD2A}" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BB8F94A9-2D5F-40FF-90F9-20D209B119A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD9FA313-7033-47CA-A2E4-5F732D2D48EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1F10E06-E40A-4760-91B2-EE3C51A877FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D4727B8A-8B14-4F1B-BB29-BB7C92E8A863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E229D70A-3A43-4A5E-A5D4-7AF9D56743AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F518E643-F4A5-4BB9-986D-A9DB4EC15FF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F807BEFA-DC43-43EA-B9FC-A2DF536B67E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{B6E9B485-B6A0-4360-A4D6-D5377BF3DBC2}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3FD2A96C-5407-4CC2-AF13-68EE4BDDC456}C:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2A21DA0C-F50D-DF54-70AD-C0826158FBF2}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6502B973-9DB9-683F-2BE3-4B83F54F78FF}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3E6E2B5-DEB5-235A-4999-4D424C11788B}" = ATI Catalyst Install Manager
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{19643FA2-3DDD-1C05-A474-E4FB28638F65}" = Catalyst Control Center InstallProxy
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"Scribus 1.4.1" = Scribus 1.4.1
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 16:46:37 | Computer Name = Anja-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 02.07.2012 20:36:22 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.07.2012 02:14:29 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.07.2012 21:50:23 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 09.07.2012 16:16:11 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.07.2012 12:59:10 | Computer Name = Anja-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.07.2012 17:43:55 | Computer Name = Anja-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
[ System Events ]
Error - 20.07.2012 12:44:38 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 20.07.2012 12:44:39 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:40 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:40 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:41 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:42:42 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 22.07.2012 11:55:07 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.07.2012 12:54:15 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.07.2012 15:35:22 | Computer Name = Anja-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.07.2012 09:10:44 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---


:OTL Logfile:
Code:
OTL logfile created on: 25.07.2012 18:28:09 - Run 9
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Anja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,34% Memory free
15,89 Gb Paging File | 13,38 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 558,18 Gb Free Space | 85,26% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,54 Gb Free Space | 91,54% Space Free | Partition Type: NTFS
Drive E: | 63,67 Gb Total Space | 32,41 Gb Free Space | 50,91% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
PRC - [2012.07.18 09:21:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.17 18:50:23 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.06 18:33:27 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2009.09.25 06:00:12 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 09:21:01 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.17 18:50:23 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.29 15:06:52 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.29 15:06:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9c5c9e0b5972a39696939f7009df4a08\IAStorCommon.ni.dll
MOD - [2012.06.29 15:06:51 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.29 15:06:50 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4621632eccd0b813535a27e737a8a03\IAStorUtil.ni.dll
MOD - [2012.06.29 15:06:48 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.29 15:06:43 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.29 15:06:33 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.29 15:06:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.29 15:06:29 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.29 15:06:23 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.06 18:33:27 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.03.06 09:38:31 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.09.25 06:00:12 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.25 04:53:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.18 09:21:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 18:50:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.06 18:45:22 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.03.06 18:45:20 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.03.06 18:42:39 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.03.06 18:42:39 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.25 07:34:40 | 008,284,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.25 04:17:36 | 000,296,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.03.15 11:41:14 | 001,800,576 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.03.06 02:10:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.23 20:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2012.07.24 15:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions
[2012.06.24 01:57:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\y7rof3u4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.04 08:40:43 | 000,002,101 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\y7rof3u4.default\searchplugins\googlede.xml
[2012.06.23 21:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 11:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 09:21:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Avira Toolbar = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\
CHR - Extension: Skype Click to Call = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Anja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F088891-61C1-4C1F-B317-41CDB74C211A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 09:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.25 09:25:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.24 15:27:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.07.24 15:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.07.24 02:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.24 02:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.24 02:01:12 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Anja\Documents\ccsetup320.exe
[2012.07.22 19:12:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 18:09:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.07.22 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 02:49:23 | 000,000,000 | R--D | C] -- C:\Users\Anja\Dropbox
[2012.07.19 02:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.19 02:47:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.07.19 02:27:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Malwarebytes
[2012.07.19 02:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 01:16:49 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.19 01:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.18 15:37:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Downloaded Installations
[2012.07.18 15:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.18 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.18 14:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.07.11 23:44:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 23:44:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 23:44:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 23:44:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 23:44:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 23:44:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 23:44:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 23:44:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 23:44:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 23:44:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 23:44:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 23:44:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 23:44:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 23:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 23:25:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 23:24:59 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 23:24:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.07 19:42:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.06 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Russisch B1.1
[2012.06.30 05:37:40 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Soundlabs
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.30 02:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.29 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Avira
[2012.06.29 16:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.29 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\APN
[2012.06.29 16:53:31 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.06.29 16:53:31 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.06.29 16:53:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.29 16:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.27 19:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.27 19:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.06.27 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\OpenOffice.org 3.4 (de) Installation Files
[2012.06.27 14:01:42 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.06.27 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Anja\.thumbnails
[2012.06.27 13:05:26 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{26575724-16A5-4626-9279-AC10E5FF262B}
[2012.06.27 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{EA2BE906-17A7-469E-99AF-7680166AED53}
[2012.06.27 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{85198240-934E-4BBA-A8BF-9AF18A8ED60F}
[2012.06.27 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{CAA22CD0-7A39-4609-A050-71B0F7EFC904}
[2012.06.27 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{172D028B-6BE3-4E94-BAC2-7BAE5F0FDF41}
[2012.06.27 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{8E2921EE-B937-43CE-89AB-1083AF78A305}
[2012.06.27 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{9070F943-6114-4E2C-8A3D-BF91EB0208F5}
[2012.06.27 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{07999DE0-6363-4F57-869B-EA023287FE1E}
[2012.06.27 12:11:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{3374EBD5-CA0A-4418-BB67-096747F9AF69}
[2012.06.27 09:06:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Unikram
[2012.06.27 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\*** und Mittelstand
[2012.06.27 08:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.06.26 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012.06.26 16:06:12 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Conexant
[2012.06.26 14:55:36 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Anja2
[2012.06.26 14:42:07 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\download
[2012.06.26 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\eicfg_removal_utility
[2012.06.26 14:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 18:27:13 | 000,002,239 | ---- | M] () -- C:\Users\Anja\Desktop\OneKey Recovery.lnk
[2012.07.25 17:54:25 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.25 17:54:25 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.25 17:54:25 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.25 17:54:25 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.25 17:54:25 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.25 17:51:32 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 17:51:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.25 15:01:59 | 000,040,689 | ---- | M] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.07.25 09:35:24 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 09:35:24 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 09:29:12 | 000,415,851 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.07.25 09:27:48 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 17:50:07 | 000,001,138 | ---- | M] () -- C:\Users\Anja\Desktop\Dokumente - Verknüpfung.lnk
[2012.07.24 17:47:57 | 000,002,985 | ---- | M] () -- C:\Users\Anja\Desktop\HA Kartozia - Verknüpfung.lnk
[2012.07.24 17:47:39 | 000,003,012 | ---- | M] () -- C:\Users\Anja\Desktop\Masterarbeit - Verknüpfung.lnk
[2012.07.24 15:40:04 | 000,057,360 | ---- | M] () -- C:\Users\Anja\Documents\cc_20120724_153954.reg
[2012.07.24 15:27:00 | 000,002,971 | ---- | M] () -- C:\Users\Anja\Desktop\HiJackThis.lnk
[2012.07.24 15:26:24 | 001,402,880 | ---- | M] () -- C:\Users\Anja\Documents\HiJackThis.msi
[2012.07.24 02:03:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.24 02:01:16 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Anja\Documents\ccsetup320.exe
[2012.07.22 19:12:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2012.07.22 18:09:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | M] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 18:40:30 | 000,329,520 | ---- | M] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 18:50:13 | 000,001,118 | ---- | M] () -- C:\Users\Anja\Desktop\Cyberlink Power2Go.lnk
[2012.07.19 17:52:02 | 3192,264,704 | ---- | M] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.19 02:49:23 | 000,001,037 | ---- | M] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.18 15:13:11 | 000,001,258 | ---- | M] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.07.17 18:50:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.07.17 18:50:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.17 18:39:04 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.17 18:25:15 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.06.30 18:08:25 | 000,105,383 | ---- | M] () -- C:\Users\Anja\Documents\aufhebung.pdf
[2012.06.30 05:40:02 | 1972,494,926 | ---- | M] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.30 05:39:09 | 052,465,817 | ---- | M] () -- C:\Users\Anja\Documents\download.zip
[2012.06.29 20:07:18 | 000,005,213 | ---- | M] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 20:07:18 | 000,000,162 | -H-- | M] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | M] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | M] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.25 15:01:59 | 000,040,689 | ---- | C] () -- C:\Users\Anja\AppData\Local\recently-used.xbel
[2012.07.24 17:50:07 | 000,001,138 | ---- | C] () -- C:\Users\Anja\Desktop\Dokumente - Verknüpfung.lnk
[2012.07.24 17:47:57 | 000,002,985 | ---- | C] () -- C:\Users\Anja\Desktop\HA Kartozia - Verknüpfung.lnk
[2012.07.24 17:47:39 | 000,003,012 | ---- | C] () -- C:\Users\Anja\Desktop\Masterarbeit - Verknüpfung.lnk
[2012.07.24 15:39:57 | 000,057,360 | ---- | C] () -- C:\Users\Anja\Documents\cc_20120724_153954.reg
[2012.07.24 15:27:00 | 000,002,971 | ---- | C] () -- C:\Users\Anja\Desktop\HiJackThis.lnk
[2012.07.24 15:26:23 | 001,402,880 | ---- | C] () -- C:\Users\Anja\Documents\HiJackThis.msi
[2012.07.24 02:03:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.22 18:09:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 19:41:24 | 000,000,000 | ---- | C] () -- C:\Users\Anja\defogger_reenable
[2012.07.20 18:56:07 | 000,329,520 | ---- | C] () -- C:\Users\Anja\Documents\v7464_pdf.pdf
[2012.07.19 02:49:23 | 000,001,037 | ---- | C] () -- C:\Users\Anja\Desktop\Dropbox.lnk
[2012.07.19 02:48:26 | 000,001,047 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.19 02:16:12 | 3192,264,704 | ---- | C] () -- C:\Users\Anja\Documents\X15-65741.iso
[2012.07.18 15:13:11 | 000,001,258 | ---- | C] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk
[2012.06.30 18:08:24 | 000,105,383 | ---- | C] () -- C:\Users\Anja\Documents\aufhebung.pdf
[2012.06.30 05:39:01 | 052,465,817 | ---- | C] () -- C:\Users\Anja\Documents\download.zip
[2012.06.30 05:38:37 | 1972,494,926 | ---- | C] () -- C:\Users\Anja\Documents\Anja.zip
[2012.06.29 20:07:18 | 000,000,162 | -H-- | C] () -- C:\Users\Anja\Documents\~$utze.odt
[2012.06.29 20:07:16 | 000,005,213 | ---- | C] () -- C:\Users\Anja\Documents\utze.odt
[2012.06.29 16:54:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 19:23:18 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.27 09:06:33 | 000,001,759 | ---- | C] () -- C:\Users\Anja\Desktop\Unikram - Verknüpfung.lnk
[2012.06.27 09:05:39 | 000,001,973 | ---- | C] () -- C:\Users\Anja\Desktop\*** und Mittelstand - Verknüpfung.lnk
[2012.06.25 08:22:27 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2012.06.23 20:26:01 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.03.06 18:51:22 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.03.06 18:33:31 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.03.06 18:33:31 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.03.06 18:33:31 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.03.06 18:33:31 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.03.06 18:33:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.03.06 18:23:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.03.06 18:20:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.03.06 18:11:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.03.06 18:08:49 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.03.06 18:06:01 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.03.06 18:02:38 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.06 18:02:37 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.06 18:02:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2012.07.25 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Dropbox
[2012.06.23 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Scribus
[2012.07.19 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Simply Super Software
[2012.07.25 02:54:49 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client
[2012.06.23 20:27:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,014,486 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


About my laptop: it actually works flawlessly, but only as far as I can judge. But I think that, thanks to your help, everything is fine again now (at least I hope so).

Thank you once again, and very warmly, for your help! Without your support this would have turned out pretty nasty.

So, thanks


Alt 26.07.2012, 11:01   #11
kira
/// Helper Team
 



Items 3 and 4?:-> http://www.trojaner-board.de/119979-...tml#post873113
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Alt 26.07.2012, 16:18   #12
beastmaster
 



Hello Kira,

what exactly do you mean? I had both of my USB sticks connected, autorun blocked (at least I think so) and then ran the online scan (ESET) (that is, briefly installed the program files and uninstalled and deleted them immediately after the scan). The scan showed "0 Threats"...

Alt 27.07.2012, 08:37   #13
kira
/// Helper Team
 



** Keep your system under observation for the time being!
If everything has gone well and your system is running stably, do the following:
1.
Uninstall/remove the programs that we used and that you don't need, except for:
Code:
ATTFilter
CCleaner
         
- Run it from time to time:-> Guide

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you don't have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator).
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This feature takes up a lot of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed:
So please do the following: first disable -> then enable, so in the end it should be "enabled" again!

4.
As a precaution, I would advise you to change your password (this should be done every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
also here: Secure password (Password)

5.
► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!

Reading material no. 1:
Give criminal acts no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice in different locations!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure email clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown email attachments!
    - Do not click on mails, especially those with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    also here: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed! -> Always read along during installation, and deselect sponsor and partner programs, toolbars or any other extra programs offered wherever possible!
    This is often how some kind of adware/spyware gets installed along with it!
  • Do NOT download just any programs from the net unless it is 100% certain that they are clean software. Nice promises from the vendor are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give out your passwords!
    Reputable banks, email providers or online shops never send emails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. Emails of this kind are always fraud attempts, so such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank hotline.
  • Letting others (guests/friends) use your computer - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never carry out banking transactions on untrustworthy computers - for example from an internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, only briefly while you want to back something up
  • Saving on license costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always infested with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil in) Another highly insecure source is file sharing on so-called (music) exchange platforms.
    ► Besides, you are committing a criminal offence by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows the startup process enormously and puts load on the RAM (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes slower and less secure because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept

** Common sense and configuring Windows and internet software securely are the best way to security on the web!!
Quote:
Since the database is supplemented and expanded daily, and information about the virus concerned is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will surely be enough), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(they mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages can pile up, the PC is probably no longer as fast as it used to be:

I wish you all the best

If you would like to support us→ donation account

Regards
kira

Alt 13.08.2012, 17:22   #14
beastmaster
 



Hello kira,

I wanted to say thanks once more; I was out of the country for quite a while.

Everything is working well again now and the bank is leaving me alone too.

A donation is on its way!!

All the best!
