Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: starterfenster.com nach vlc player download von vlc.de

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.10.2012, 13:37   #1
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Hallo zusammen!
Blöderweise habe ich, wie viele andere hier, den vlc player von vlc.de runtergeladen und jetzt öffnet sich immer www.startfenster.com, wenn ich Mozilla oder GoogleChrome öffne. Ich habe den Player bis jetzt noch nicht deinstaliert. Sollte ich das machen?
Weder mein Avira Free Antivirus noch mein Malwarebytes Anti-Malware hat ein infiziertes Objekt gefunden.

Hier den Malwarebytes Anti-Malware -Log dazu:


Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.03.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Leila :: LEILA-PC [Administrator]

03.10.2012 10:20:27
mbam-log-2012-10-03 (10-20-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351428
Laufzeit: 2 Stunde(n), 3 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Ich bin dann erstmal den Schritten gefolgt, die ihr empfehlt, bevor man ein Thema erstellt (defogger, Otl.txt, Extra.txt, Gmer.txt).
Hier der Otl.txt-Log (die Extra.txt und Gmer.txt im Anhang):


Code:
ATTFilter
OTL logfile created on: 02.10.2012 17:48:45 - Run 1
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Leila\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,51% Memory free
3,98 Gb Paging File | 2,40 Gb Available in Paging File | 60,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 111,92 Gb Free Space | 39,49% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.02 17:46:39 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Downloads\OTL.exe
PRC - [2012.08.08 22:39:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 08:54:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.09 08:54:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe
PRC - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\systemcore\mfefire.exe
PRC - [2011.10.18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\systemcore\mcshield.exe
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.16 19:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Programme\mcafee.com\agent\mcagent.exe
PRC - [2011.07.27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\mcsvchost\McSvHost.exe
PRC - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.04 00:37:10 | 000,111,216 | ---- | M] (STMicroelectronics) -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
PRC - [2010.10.20 20:06:44 | 001,381,728 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2010.10.18 22:52:50 | 001,021,504 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Dell\duo Stage\duoStage.exe
PRC - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe
PRC - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 22:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe
PRC - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010.07.30 21:56:32 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe
PRC - [2010.07.30 21:56:18 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe
PRC - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 18:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010.05.13 01:38:16 | 002,928,800 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2010.01.20 16:45:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\syncables.exe
PRC - [2010.01.20 16:45:00 | 000,220,976 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\OTiSyncApp.exe
PRC - [2010.01.20 16:45:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 10:40:17 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.14 10:38:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 10:37:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.10 11:37:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll
MOD - [2012.05.10 11:32:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 11:30:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012.05.10 11:29:25 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.10 11:29:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.10 11:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.10 11:28:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 11:28:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.04 00:37:10 | 000,146,032 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll
MOD - [2010.09.29 17:46:26 | 000,103,488 | ---- | M] () -- C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll
MOD - [2010.08.12 02:19:34 | 000,077,024 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010.08.12 02:19:32 | 000,109,792 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STPE.dll
MOD - [2010.08.12 02:19:32 | 000,072,928 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010.08.12 02:19:30 | 000,232,672 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010.08.12 02:19:30 | 000,126,176 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STLog.dll
MOD - [2010.08.12 02:19:30 | 000,119,008 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010.08.12 02:19:26 | 001,121,504 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010.01.20 16:45:00 | 000,090,112 | ---- | M] () -- C:\Programme\syncables\syncables desktop\2208TR.dll
MOD - [2009.12.23 18:45:04 | 007,505,920 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtGui4.dll
MOD - [2009.09.09 03:51:08 | 000,347,648 | ---- | M] () -- C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll
MOD - [2009.09.09 03:50:52 | 000,177,664 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtSql4.dll
MOD - [2009.09.08 22:01:32 | 002,070,528 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtCore4.dll
MOD - [2009.07.18 01:08:36 | 000,850,944 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtNetwork4.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.06.25 18:05:10 | 000,311,296 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtXml4.dll
MOD - [2007.04.13 17:39:14 | 000,252,672 | ---- | M] () -- C:\Programme\Dell\duo Stage\kgl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 12:01:32 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 21:47:28 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 08:54:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.23 16:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.05 20:05:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg)
SRV - [2010.09.23 21:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [On_Demand | Stopped] -- C:\Windows\System32\CxUSBDock32.exe -- (CxUSBDock)
SRV - [2010.09.23 00:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programme\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - [2012.05.09 08:54:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 08:54:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 14:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 14:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.01.06 11:37:26 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV - [2011.01.05 11:45:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.21 19:54:54 | 000,028,272 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LSM303DLH.sys -- (LSM303DLH)
DRV - [2010.08.12 18:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010.07.31 05:43:22 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.07.30 23:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.30 19:12:32 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.07.30 19:12:32 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.07.30 19:12:32 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.07.30 19:12:32 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.07.30 19:12:32 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.07.30 19:12:32 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.07.22 19:24:42 | 001,802,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.06.22 21:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010.06.22 12:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.25 01:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.02.23 04:48:32 | 000,010,624 | ---- | M] (ConnectSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QWARQNet.sys -- (QWARQNet)
DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.05.28 18:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2007.06.04 11:53:20 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2006.11.02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1}
IE - HKLM\..\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011.01.05 10:19:19 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.10.02 17:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.29 14:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.26 00:35:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com
[2011.05.29 14:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.02 17:01:10 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.09.11 21:47:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.05.21 21:43:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 21:47:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.21 21:43:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.21 21:43:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.21 21:43:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.21 21:43:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120227163358.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.02 17:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.10.02 16:58:38 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc
[2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit
[2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September
[2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4}
[2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe
[2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe
[2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Leila\AppData\Roaming\xvid.exe
[2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe
[2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.02 18:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 17:17:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.02 17:04:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.02 17:04:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.02 17:01:54 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 17:01:54 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 17:01:54 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 17:01:54 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.02 16:58:30 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.02 16:56:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.02 16:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.02 16:55:55 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.02 16:54:59 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:43:28 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.25 21:19:33 | 316,711,050 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.24 12:14:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe
[2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe
[2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft
[2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn
[2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy
[2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc
[2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client
[2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird
[2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP
[2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia
 
========== Purity Check ==========
 
 

< End of report >
         

Als ich mit dem GMER gescannt habe gabs ein paar Probleme. Er hat mir gemeldet, dass deeqmOze.exe nicht mehr funktioniert und der ganze Rechner hat nichts mehr gemacht. Ich hab ihn dann neu gestartet und das ganze nochmal gemacht. Dann hat sich zwischendrin folgendes Fenster geöffnet:

Advice: Diese Anwendung erfordert, dass STMicroelectronics 3-Achsen-Beschleunigungssensor/ Magnetometer- Sensor aktiviert werden. Der Sensor ist derzeit deaktiviert. Bitte aktivieren sie den Sensor über das Control Panel (Hardware und Sound- Location und andere Sensoren).

Ich hab dann einfach auf OK gedrückt und nichts gemacht. Der GMER hat weitergescannt und mir am Ende auch ein Gmer.txt erstellt. Bedeutet das irgendwas?

Ganz unten unter der Anleitung von euch stand dann noch, man solle Extra.txt und Gmer.txt in einen Zip-Ordner packen. Da gabs dann auch einen Link, wo man sich einen 7-Zip (Freeware) herunterladen kann. Das hab ich dann auch gemacht, aber dann hat mein Avira Free Antivirus Alarm geschlagen und mir gesagt, dass da ein Virus drin ist.

Hier die Meldung:

Code:
ATTFilter
Die Datei 'C:\Users\Leila\Downloads\jZipV1.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d55091.qua' verschoben!
         
Ich wäre euch wirklich sehr dankbar, wenn ihr mir weiterhelfen könntet, weil ich den Computer eigentlich brauche, um eine Arbeit für die Uni fertig zu machen...
Danke schonmal!

Gruß,
Gesa

Alt 03.10.2012, 21:00   #2
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Hast Du nicht gewusst, dass Du dein System auf aktuellem Stand halten musst?:
für Win7 das Service Pack 1 (SP1) fehlt:
das SP1 umfasst die neuesten Aktualisierungen, wie z.B wichtige Sicherheits-, Stabilitäts- und Leistungsverbesserungen.
Allerdings in diesem Zustand (der Rechner aktuell durch Malware befallen ist), der alten Version eine Aufrüstung auf die nächste NICHT erfolgen darf, sonst schadet es mehr als es nutzt! Soll nun die Festplatte erst bereinigt werden, also absolut malwarefrei sein!
Nur am Ende der Reinigung der aktuelle Version installieren! - ich werde Dir Bescheid sagen wann!

Hilfeleistung - geplante Vorgehensweise:
  • Problemsuche
  • Problembeseitigung/Systembereinigung
  • Verwendete Programme deinstallieren/entfernen
  • Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware von hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Hast Du OTL falsch gespeichert:
es muss auf dem Desktop abgelegt werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen:
-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Nach installation in der Log-Datei soll etwa so aussehen:
Zitat:
Folder = C:\Users\***\Desktop
3.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Mache Häckchen bei LOP- und Purity-Prüfung
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)
Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira
__________________

__________________

Alt 04.10.2012, 12:14   #3
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Hallo Kira!
Vielen Dank, dass Du dich meinem Problem annimmst! Was Computer angeht bin ich leider nicht sonderlich versiert... Solange er irgendwie funktioniert beschäftige ich mich nicht weiter damit... Aber ich bin dir für jede Anregung zur Verbesserung dankbar!

Also, jetzt versuch ich erstmal, dir Schritt für Schritt zu folgen.
Hier die Logs, die ich erstellt hab:

Erst der Malwarebytes Anti- Malware- Log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.04.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Leila :: LEILA-PC [Administrator]

04.10.2012 09:22:14
mbam-log-2012-10-04 (09-22-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351980
Laufzeit: 2 Stunde(n), 16 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Hier die Otl.txt:

Code:
ATTFilter
OTL logfile created on: 04.10.2012 11:55:34 - Run 2
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,44% Memory free
3,98 Gb Paging File | 2,27 Gb Available in Paging File | 57,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 113,03 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Leila\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.)
PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Programme\syncables\syncables desktop\OTiSyncApp.exe (syncables, LLC)
PRC - C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll ()
MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Programme\syncables\syncables desktop\2208TR.dll ()
MOD - C:\Programme\Dell\duo Stage\QtGui4.dll ()
MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtSql4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtCore4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Dell\duo Stage\QtXml4.dll ()
MOD - C:\Programme\Dell\duo Stage\kgl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EMP_UDSA) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (AtherosSvc) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (eppvad_simple) -- C:\Windows\System32\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1}
IE - HKLM\..\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011.01.05 10:19:19 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.29 14:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 21:47:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.26 00:35:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com
[2011.05.29 14:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.11 21:47:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.05.21 21:43:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 21:47:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.21 21:43:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.21 21:43:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.21 21:43:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.21 21:43:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 11:49:18 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc
[2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit
[2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September
[2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4}
[2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe
[2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe
[2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Leila\AppData\Roaming\xvid.exe
[2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe
[2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 12:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.04 11:17:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 09:20:40 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 09:20:40 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.04 09:14:10 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.04 09:13:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 09:13:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 09:12:52 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 09:02:16 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 09:02:16 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 09:02:16 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 09:02:16 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.03 13:01:37 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.02 19:19:49 | 310,804,714 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.24 12:14:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe
[2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe
[2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft
[2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn
[2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy
[2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc
[2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client
[2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird
[2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP
[2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia
 
========== Purity Check ==========
 
 

< End of report >
         
Die Extra.txt:

Code:
ATTFilter
OTL Extras logfile created on: 04.10.2012 11:55:34 - Run 2
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,44% Memory free
3,98 Gb Paging File | 2,27 Gb Available in Paging File | 57,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 113,03 Gb Free Space | 39,88% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | 
"{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{693DAA65-0EAF-4F93-9E89-46D207F0B429}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{862AE295-24A0-436F-BA74-290DD0326CDC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | 
"{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net  (06/04/2007 1.0.0.3)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"FastStone Image Viewer" = FastStone Image Viewer 4.4
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShapeCollage" = Shape Collage
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp 2.4.6.4
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2012 15:29:58 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7176
 
Error - 30.09.2012 15:29:58 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error - 30.09.2012 15:32:06 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.09.2012 15:32:06 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 134832
 
Error - 30.09.2012 15:32:06 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 134832
 
Error - 30.09.2012 15:32:07 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.09.2012 15:32:07 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 135861
 
Error - 30.09.2012 15:32:07 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 135861
 
Error - 30.09.2012 16:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (6768) Asapi: (22:00:07:0880)(6768) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 30.09.2012 16:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (6768) Asapi: (22:00:07:0960)(6768) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
[ Dell Events ]
Error - 25.09.2012 10:23:29 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 03.10.2012 08:11:17 | Computer Name = Leila-PC | Source = volsnap | ID = 393222
Description = Die Schattenkopie von Volume "C:" konnte kein neues Pageheap erstellen.
 Dem System steht nicht ausreichend virtueller Speicher zur Verfügung.
 
Error - 03.10.2012 10:00:21 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 03.10.2012 10:00:47 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 03.10.2012 11:40:42 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 03.10.2012 11:41:08 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.10.2012 02:55:56 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 04.10.2012 02:56:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.10.2012 03:13:07 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 04.10.2012 03:13:30 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.10.2012 03:16:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         

Und zum Schluss die Programme:

Code:
ATTFilter
Accelerometer-Magnetometer	STMicroelectronics	05.01.2011		1.00.0028
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	21.09.2012	6,00MB	11.4.402.278
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	21.09.2012	6,00MB	11.4.402.278
Adobe Reader 9.1.2 - Deutsch	Adobe Systems Incorporated	05.01.2011	240MB	9.1.2
Advanced Audio FX Engine	Creative Technology Ltd	05.01.2011		1.12.05
Apple Application Support	Apple Inc.	14.03.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	14.03.2012	24,3MB	5.1.1.4
Apple Software Update	Apple Inc.	14.03.2012	2,38MB	2.1.3.127
Ask Toolbar	Ask.com	25.11.2011	3,19MB	1.12.5.0
Avira Free Antivirus	Avira	12.09.2012	105MB	12.0.0.1199
AviSynth 2.5		24.04.2012		
AvsP		24.04.2012		
Bing Bar	Microsoft Corporation	05.01.2011		6.0.2282.0
Bing Maps 3D	Microsoft Corporation	05.01.2011	15,0MB	4.0.903.16005
Bonjour	Apple Inc.	14.03.2012	1,02MB	3.0.0.10
Broadcom CrystalHD Decoder	Broadcom Corporation	05.01.2011	7,99MB	3.5.0.32
CCleaner	Piriform	24.09.2012		3.23
Conexant HD Audio	Conexant	05.01.2011		4.126.0.62
CyberLink YouPaint	CyberLink Corp.	05.01.2011	72,1MB	1.2.2124
Dell DataSafe Local Backup	Dell	05.01.2011		9.4.47
Dell DataSafe Local Backup - Support Software	Dell	05.01.2011		
Dell duo Stage	ArcSoft	05.01.2011	20,8MB	1.0.0.11
Dell duo Station	ArcSoft	05.01.2011		1.0.7.34
Dell Getting Started Guide	Dell Inc.	05.01.2011		1.00.0000
Dell PhotoStage	ArcSoft	05.01.2011	101MB	1.5.0.19
Dell Support Center	Dell Inc.	05.01.2011		3.0.5621.01
Dell VideoStage	CyberLink Corp.	05.01.2011		1.1.0.1011
Dell Webcam Central	Creative Technology Ltd	05.01.2011		2.00.35
Dell WLAN and Bluetooth Client Installation	Dell Inc.	05.01.2011		9.0
DVD slideshow GUI 0.9.4.1	Tin2tin	24.04.2012	106MB	DVD slideshow GUI 0.9.4.1
Epson USB Display	SEIKO EPSON CORPORATION	26.04.2012		1.51.000
FastStone Image Viewer 4.4	FastStone Soft	24.04.2012		4.4
ffdshow [rev 3029] [2009-07-10]		24.04.2012		1.0
Free YouTube to MP3 Converter version 3.11.26.706	DVDVideoSoft Ltd.	26.07.2012	92,0MB	3.11.26.706
Google Chrome	Google Inc.	24.05.2012		22.0.1229.79
Google Earth	Google	24.05.2012	107MB	6.2.2.6613
GoToMeeting 5.1.0.880	CitrixOnline	12.03.2012		5.1.0.880
GUI for dvdauthor 1.07	Boraxsoft	24.04.2012		1.07
ImgBurn	LIGHTNING UK!	24.04.2012		2.5.5.0
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	05.01.2011	54,2MB	8.14.10.2117
Intel(R) Rapid Storage Technology	Intel Corporation	05.01.2011		9.6.4.1002
iTunes	Apple Inc.	14.03.2012	156MB	10.6.0.40
Janitos Offline-Tarifrechner 3.2.6.2	Fairware24	13.08.2012		
Java(TM) 6 Update 22	Oracle	05.01.2011	97,0MB	6.0.220
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	04.10.2012	19,2MB	1.65.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	31.05.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	31.05.2011	2,93MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	05.01.2011	6,31MB	14.0.4763.1000
Microsoft Office Access 2003 Runtime	Microsoft Corporation	16.08.2012	279MB	11.0.8173.0
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	13.06.2011		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	13.06.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	10.05.2012	100MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	05.01.2011	1,69MB	3.1.0000
Microsoft Touch Pack for Windows 7	Microsoft Corporation	05.01.2011	325MB	1.0.40517.00
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	300KB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	05.01.2011	595KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	18.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	27.11.2011	12,2MB	10.0.40219
Microsoft XNA Framework Redistributable 3.0	Microsoft Corporation	05.01.2011	7,61MB	3.0.11010.0
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	11.09.2012	38,5MB	15.0.1
Mozilla Maintenance Service	Mozilla	11.09.2012	327KB	15.0.1
Mozilla Thunderbird (3.1.10)	Mozilla	29.05.2011		3.1.10 (de)
MPC-HC 1.6.4.6052	MPC-HC Team	02.10.2012	21,3MB	1.6.4.6052
MusicStage	Fingertapps	05.01.2011		1.3.31.0
QuickSet32	Dell Inc.	05.01.2011		10.5.030
Qwarq	ConnectSoft, Inc.	05.01.2011		1.0.66.29331
Shape Collage	Shape Collage Inc.	24.04.2012		
Skype Toolbars	Skype Technologies S.A.	30.05.2011	5,84MB	5.3.7280
Skype™ 5.10	Skype Technologies S.A.	19.09.2012	19,4MB	5.10.116
SRS Premium Sound Control Panel	SRS Labs, Inc.	05.01.2011	1,39MB	1.09.0800
Synaptics Pointing Device Driver	Synaptics Incorporated	05.01.2011	46,4MB	15.1.8.0
syncables desktop	syncables	05.01.2011		5.5.525.8403
TuneUp 2.4.6.4	TuneUp Media, Inc.	26.07.2012	61,1MB	2.4.6.4
VLC media player 2.0.3	VideoLAN	02.10.2012		2.0.3
Windows Live Essentials	Microsoft Corporation	05.01.2011		15.4.3502.0922
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	05.01.2011	5,57MB	15.4.5722.2
Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net  (06/04/2007 1.0.0.3)	Sitecom Europe BV	24.02.2012		06/04/2007 1.0.0.3
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	24.04.2012		1.1
         
Jetzt noch eine Frage zum ins Internet gehen. Zwischen den Aktionen geh ich ausm Internet raus, aber um hier zu posten etc. muss ich ja drin sein. Ist das ok?

lg,
gesa
__________________

Alt 04.10.2012, 13:33   #4
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Zitat:
Zitat von EmHe Beitrag anzeigen
Jetzt noch eine Frage zum ins Internet gehen. Zwischen den Aktionen geh ich ausm Internet raus, aber um hier zu posten etc. muss ich ja drin sein. Ist das ok?
Ja, natürlich

Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:
Code:
ATTFilter
Ask Toolbar <- Adware !!
Bing Bar <- unnötig
         
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
Zitat:
Was zu tun nach/während jedem Download aus dem Internet?:
  • In der Systemsteuerung unter Software/Programme kontrollieren - ob sich "Unerwünschtes" (Programm, Toolbar etc) eingeschlichen hat?
  • Im Browser - unter Browser Toolbars und sonstige Erweiterungen (Extras -> Erweiterungen) - Alle Erweiterungen sind bewusst und gewollt installiert?
  • Browser-Start/Suchseite - die aktuelle Webseite als Startseite, Suchanbieter von dir festgelegt wurden?
2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1}
IE - HKLM\..\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startfenster.com
IE - HKCU\..\SearchScopes,DefaultScope = {31B85772-CDD9-4389-A02A-2388C71753F1}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2011.11.26 00:35:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
CHR - homepage: http://www.startfenster.com
CHR - homepage: http://www.startfenster.com
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2012.10.04 11:17:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 09:13:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

3.
Adobe Reader aktualisieren :
- Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 7 - von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!
Tipp: -> Java-Updates konfigurieren

5.
Aktualisieren: Alte Version deinstallieren und neue herunterladen:-> -> Firefox Kostenloser Download
Code:
ATTFilter
Mozilla Thunderbird
         
aber Achtung!:
bei Bedarf, vorher für dich wichtige (Benutzerdefinierte) Einstellungen zu speichern:-> Mozilla Firefox Backup erstellen
Info:-> Firefox auf die letzte Version aktualisieren

6.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

7.
Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.


  • .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
  • Eset Online Scanner (NOD32)
    • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
    • Dein Anti-Virus-Programm während des Scans deaktivieren.
    • Button "ESET Online Scanner" drücken.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Signaturen werden heruntergeladen.
    • Der Scan beginnt automatisch.
    • Wenn fertig, das Protokoll speichern und mir posten.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantäne files
    • Finish drücken.
    • Browser schließen.
    • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

9.
Datei-Überprüfung
Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen.
Prüfende Datei/en:
Code:
ATTFilter
C:\Users\Leila\Desktop\deeqm0ze.exe
C:\Users\Leila\g2mdlhlpx.exe
         
  • klick auf "Choose File"
  • Lass Deinen Computer in "" suchen.
  • Wenn Du die Datei gefunden hast, klickst du sie an und auf "Scan it"
  • Sollte VirusTotal melden, dass die Datei bereits überpüft wurde ("File already analysed"), lasse sie trotzdem über den Button Reanalyse erneut prüfen.
  • Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen.
  • Wenn das Ergebnis vorliegt - markieren-> kopieren -> hier einfügen - (egal wie es aussieht - nicht auslassen, das komplette Resultat wie angezeigt da reinkopieren! - und dabei auch die Zeilen mit Namen und Größe der Datei, MD5 und SHA1 kopieren) hier posten. Solltest Du die Datei/en nicht finden oder hochladen können, dann teile uns das ebenfalls mit. Solltest Du die Datei/en nicht finden, überprüfe, ob folgende Einstellungen richtig gesetzt sind.
    ► Oder die Ergebnisse markieren mit <Strg><A>-> kopieren mit <Strg><C>-> mit <Strg><V> hier einfügen

Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:
Scanergebnisse mitsamt Dateiname!
Code:
ATTFilter
Datei  File name:
<hier kommt die Dateiname>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
    
VT Community

goodware/badware
 Safety score: 100.0% 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
usw........

...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!!
         
Falls bei der Analyse sich herausstellt,dass die Dateien schädlich sind,lösche noch nicht,weil können unter Umständen dazu führen, dass das System nicht mehr sauber läuft[/quote]




► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 04.10.2012, 22:10   #5
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



So, ich hab mich jetzt mal von Schritt 1 zu Schritt 9 durchgearbeitet...

Hier meine Resultate:

zu 2.

Das Ergebnis nach dem Fixen mit Otl:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Folder C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\toolbar@ask.com\ not found.
C:\Programme\Mozilla Firefox\components\Scriptff.dll moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
File c:\progra~1\mcafee\msc\npmcsn~1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Leila\Desktop\cmd.bat deleted successfully.
C:\Users\Leila\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Leila
->Temp folder emptied: 426814678 bytes
->Temporary Internet Files folder emptied: 26247160 bytes
->Java cache emptied: 110427 bytes
->FireFox cache emptied: 95882283 bytes
->Google Chrome cache emptied: 335204230 bytes
->Flash cache emptied: 76151 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 543569456 bytes
RecycleBin emptied: 2164 bytes
 
Total Files Cleaned = 1.362,00 mb
 
 
OTL by OldTimer - Version 3.2.70.2 log created on 10042012_155618

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B85772-CDD9-4389-A02A-2388C71753F1}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot.
         

zu 7.

Das Eset-Protokoll:

Code:
ATTFilter
F:\$RECYCLE.BIN\S-1-5-21-1053554210-2968338467-1938491687-1000\$RWDKD1F.inf	Win32/Bflient.K worm	cleaned by deleting - quarantined
F:\NAPULJ\sicilija.exe	a variant of Win32/Bflient.M worm	cleaned by deleting - quarantined
F:\OLJA\karlewsa.exe	a variant of Win32/Bflient.P worm	cleaned by deleting - quarantined
G:\OLJA\karlewsa.exe	a variant of Win32/Bflient.P worm	cleaned by deleting - quarantined
         

zu 8.

Die Otl.txt:

Code:
ATTFilter
OTL logfile created on: 04.10.2012 21:35:24 - Run 3
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,28% Memory free
3,98 Gb Paging File | 2,57 Gb Available in Paging File | 64,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 113,23 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
PRC - [2012.08.08 22:39:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 08:54:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.04 00:37:10 | 000,111,216 | ---- | M] (STMicroelectronics) -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe
PRC - [2010.10.20 20:06:44 | 001,381,728 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2010.10.18 22:52:50 | 001,021,504 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Dell\duo Stage\duoStage.exe
PRC - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe
PRC - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 22:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe
PRC - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010.07.30 21:56:32 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe
PRC - [2010.07.30 21:56:18 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe
PRC - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe
PRC - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 18:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010.05.13 01:38:16 | 002,928,800 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2010.01.20 16:45:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\syncables.exe
PRC - [2010.01.20 16:45:00 | 000,220,976 | ---- | M] (syncables, LLC) -- C:\Programme\syncables\syncables desktop\OTiSyncApp.exe
PRC - [2010.01.20 16:45:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 10:38:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 10:37:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.10 11:37:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll
MOD - [2012.05.10 11:32:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 11:30:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012.05.10 11:29:25 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.10 11:29:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.10 11:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.10 11:28:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 11:28:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.04 00:37:10 | 000,146,032 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll
MOD - [2010.09.29 17:46:26 | 000,103,488 | ---- | M] () -- C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll
MOD - [2010.08.12 02:19:34 | 000,077,024 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010.08.12 02:19:32 | 000,109,792 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STPE.dll
MOD - [2010.08.12 02:19:32 | 000,072,928 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010.08.12 02:19:30 | 000,232,672 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010.08.12 02:19:30 | 000,126,176 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STLog.dll
MOD - [2010.08.12 02:19:30 | 000,119,008 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010.08.12 02:19:26 | 001,121,504 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010.08.12 02:19:16 | 000,781,536 | ---- | M] () -- C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010.01.20 16:45:00 | 000,090,112 | ---- | M] () -- C:\Programme\syncables\syncables desktop\2208TR.dll
MOD - [2009.12.23 18:45:04 | 007,505,920 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtGui4.dll
MOD - [2009.09.09 03:51:08 | 000,347,648 | ---- | M] () -- C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll
MOD - [2009.09.09 03:50:52 | 000,177,664 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtSql4.dll
MOD - [2009.09.08 22:01:32 | 002,070,528 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtCore4.dll
MOD - [2009.07.18 01:08:36 | 000,850,944 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtNetwork4.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.06.25 18:05:10 | 000,311,296 | ---- | M] () -- C:\Programme\Dell\duo Stage\QtXml4.dll
MOD - [2007.04.13 17:39:14 | 000,252,672 | ---- | M] () -- C:\Programme\Dell\duo Stage\kgl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 12:01:32 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 08:54:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 08:53:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.05 20:05:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.06 11:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.09.23 21:33:16 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg)
SRV - [2010.09.23 21:24:36 | 000,123,008 | ---- | M] (Conexant Systems Inc.) [On_Demand | Stopped] -- C:\Windows\System32\CxUSBDock32.exe -- (CxUSBDock)
SRV - [2010.09.23 00:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programme\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010.07.30 21:56:12 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.07.27 22:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.06.08 18:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.25 00:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.09 08:54:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 08:54:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.01.06 11:37:26 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV - [2011.01.05 11:45:57 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.21 19:54:54 | 000,028,272 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LSM303DLH.sys -- (LSM303DLH)
DRV - [2010.08.12 18:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010.07.31 05:43:22 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.07.30 23:35:30 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.30 19:12:32 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.07.30 19:12:32 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.07.30 19:12:32 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.07.30 19:12:32 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.07.30 19:12:32 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.07.30 19:12:32 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.07.22 19:24:42 | 001,802,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.06.22 21:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010.06.22 12:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.25 01:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.02.23 04:48:32 | 000,010,624 | ---- | M] (ConnectSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QWARQNet.sys -- (QWARQNet)
DRV - [2009.07.14 01:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.05.28 18:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2007.06.04 11:53:20 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2006.11.02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Y:\
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell - "" = AutoRun
O33 - MountPoints2\{03fb95ba-8fa6-11e1-be74-0a0016967754}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 17:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 11:49:18 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc
[2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit
[2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September
[2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4}
[2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe
[2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe
[2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Leila\AppData\Roaming\xvid.exe
[2012.04.24 12:14:32 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Leila\AppData\Roaming\Imgburn.exe
[2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 21:01:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 17:27:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 17:27:09 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 17:26:11 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 17:26:11 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 17:26:11 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 17:26:11 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 17:20:40 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.04 17:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 17:19:20 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 13:02:04 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 11:49:32 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.24 12:14:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe
[2012.03.12 17:26:14 | 000,060,304 | ---- | C] () -- C:\Users\Leila\g2mdlhlpx.exe
[2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft
[2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn
[2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy
[2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc
[2012.10.02 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client
[2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird
[2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP
[2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia
 
========== Purity Check ==========
 
 

< End of report >
         

und die Extra.txt:

Code:
ATTFilter
OTL Extras logfile created on: 04.10.2012 21:35:24 - Run 3
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,28% Memory free
3,98 Gb Paging File | 2,57 Gb Available in Paging File | 64,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 113,23 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | 
"{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | 
"{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net  (06/04/2007 1.0.0.3)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.4
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShapeCollage" = Shape Collage
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp 2.4.6.4
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1101382
 
Error - 02.10.2012 08:22:47 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1101382
 
Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1102474
 
Error - 02.10.2012 08:22:48 | Computer Name = Leila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1102474
 
Error - 02.10.2012 08:40:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (13340) Asapi: (14:40:34:1120)(13340) libAsapi.DynamicLoadedPlugin
 - Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 02.10.2012 08:40:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (13340) Asapi: (14:40:34:4130)(13340) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 02.10.2012 13:25:12 | Computer Name = Leila-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: deeqm0ze.exe, Version: 1.0.15.15641,
 Zeitstempel: 0x4e21f2b1  Name des fehlerhaften Moduls: deeqm0ze.exe, Version: 1.0.15.15641,
 Zeitstempel: 0x4e21f2b1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c676  ID des fehlerhaften
 Prozesses: 0x1774  Startzeit der fehlerhaften Anwendung: 0x01cda0c274b8b42c  Pfad der
 fehlerhaften Anwendung: C:\Users\Leila\Downloads\deeqm0ze.exe  Pfad des fehlerhaften
 Moduls: C:\Users\Leila\Downloads\deeqm0ze.exe  Berichtskennung: 1e9679ee-0cb6-11e2-a9f0-0a004ef6fa3d
 
Error - 02.10.2012 13:30:21 | Computer Name = Leila-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ Dell Events ]
Error - 25.09.2012 14:11:18 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 12:46:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 04.10.2012 10:44:04 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.10.2012 11:20:01 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.10.2012 11:20:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 04.10.2012 11:20:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 04.10.2012 11:21:22 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 04.10.2012 11:21:22 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 04.10.2012 11:31:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         


zu 9.
Hier die Ergebnisse von der Datei-Überprüfung mit VirusTotal:

1. C:\Users\Leila\Desktop\deeqm0ze.exe

Code:
ATTFilter
SHA256: 	ce723717c56b2231ea7843f5408225b07a997b466584d38d278db5e7cf2c2eb0
SHA1: 	bca23ce5d074b45038076bcd19e5beea2d55fbef
MD5: 	ff72056739c31e4cc920fbdff4f9a8e5
File size: 	295.5 KB ( 302592 bytes )
File name: 	deeqm0ze.exe
File type: 	Win32 EXE
Detection ratio: 	1 / 41
Analysis date: 	2012-10-04 20:35:40 UTC ( 1 Minute ago ) 
Antivirus 	Result 	Update
Agnitum 	- 	20121004
AntiVir 	- 	20121004
Antiy-AVL 	- 	20121003
Avast 	- 	20121004
AVG 	- 	20121004
BitDefender 	- 	20121004
CAT-QuickHeal 	- 	20121004
ClamAV 	- 	20121004
Commtouch 	- 	20121004
Comodo 	- 	20121004
DrWeb 	- 	20121004
Emsisoft 	- 	20120919
eSafe 	- 	20121002
ESET-NOD32 	- 	20121004
F-Prot 	- 	20121004
F-Secure 	- 	20121003
Fortinet 	- 	20121004
GData 	- 	20121004
Ikarus 	- 	20121004
Jiangmin 	Trojan/JmGenGeneric.aic 	20121003
K7AntiVirus 	- 	20121004
Kaspersky 	- 	20121004
Kingsoft 	- 	20120925
McAfee 	- 	20121004
McAfee-GW-Edition 	- 	20121004
Microsoft 	- 	20121004
Norman 	- 	20121003
nProtect 	- 	20121004
Panda 	- 	20121004
PCTools 	- 	20121004
Rising 	- 	20120928
Sophos 	- 	20121004
SUPERAntiSpyware 	- 	20120911
Symantec 	- 	20121003
TheHacker 	- 	20121004
TotalDefense 	- 	20121004
TrendMicro 	- 	20121004
TrendMicro-HouseCall 	- 	20121004
VBA32 	- 	20121004
VIPRE 	- 	20121004
ViRobot 	- 	20121004
         

2. C:\Users\Leila\g2mdlhlpx.exe

Code:
ATTFilter
SHA256: 	407168a8d891526b37bc66c2f7fa97df91fa11dd0810bb274c89ff9d66105423
File name: 	g2mdlhlpx.exe
Detection ratio: 	1 / 42
Analysis date: 	2012-10-04 20:43:13 UTC ( 1 Minute ago )
Antivirus 	Result 	Update
AhnLab-V3 	- 	20121003
AntiVir 	- 	20121003
Antiy-AVL 	- 	20121002
Avast 	- 	20121003
AVG 	- 	20121003
BitDefender 	- 	20121003
ByteHero 	- 	20121004
CAT-QuickHeal 	- 	20121002
ClamAV 	- 	20121003
Commtouch 	- 	20121003
Comodo 	- 	20121003
DrWeb 	- 	20121003
Emsisoft 	- 	20120919
eSafe 	- 	20121002
ESET-NOD32 	- 	20121003
F-Prot 	- 	20120926
F-Secure 	- 	20121003
Fortinet 	- 	20121003
GData 	- 	20121003
Ikarus 	- 	20121003
Jiangmin 	- 	20121002
K7AntiVirus 	- 	20121002
Kaspersky 	- 	20121003
McAfee 	- 	20121003
McAfee-GW-Edition 	- 	20121003
Microsoft 	- 	20121003
MicroWorld-eScan 	- 	20121003
Norman 	- 	20121003
nProtect 	- 	20121003
Panda 	- 	20121002
PCTools 	- 	20121003
Rising 	- 	20120928
Sophos 	- 	20121003
SUPERAntiSpyware 	- 	20120911
Symantec 	- 	20121003
TheHacker 	Posible_Worm32 	20121001
TotalDefense 	- 	20121003
TrendMicro 	- 	20121003
TrendMicro-HouseCall 	- 	20121003
VBA32 	- 	20121003
VIPRE 	- 	20121003
ViRobot 	- 	20121003
         

Ok, ich hoffe, dass ich das alles richtig gemacht habe und es das ist, was du brauchst.

Das Startfenster kommt immernoch, wenn ich Mozilla oder Googlechrome aufmache... vielleicht soll das an diesem Punkt ja noch so sein...?

lg,
gesa


Alt 05.10.2012, 08:18   #6
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



1.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!


2.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows 2000 (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise
  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte vorher fragen.
  • Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
    Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
--> starterfenster.com nach vlc player download von vlc.de

Alt 05.10.2012, 12:21   #7
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



hallo kira,

das hat soweit geklappt, glaube ich...

hier der log:

Code:
ATTFilter
ComboFix 12-10-04.02 - Leila 05.10.2012  12:50:51.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2036.818 [GMT 2:00]
ausgeführt von:: c:\users\Leila\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Leila\AppData\Roaming\ImgBurn.exe
c:\users\Leila\g2mdlhlpx.exe
c:\windows\system32\pt
c:\windows\system32\pt\Lagoon.resources.dll
Y:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-05 bis 2012-10-05  ))))))))))))))))))))))))))))))
.
.
2012-10-05 11:06 . 2012-10-05 11:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-04 15:32 . 2012-10-04 15:32	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{93D018FE-B70D-459E-9D1B-8DD0EC9ECB8E}\offreg.dll
2012-10-04 14:34 . 2012-10-04 14:34	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-04 13:56 . 2012-10-04 13:56	--------	d-----w-	C:\_OTL
2012-10-04 10:48 . 2012-10-04 10:49	--------	d-----w-	c:\program files\CCleaner
2012-10-04 07:16 . 2012-10-04 07:16	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-04 07:16 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-03 07:35 . 2012-09-18 22:59	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{93D018FE-B70D-459E-9D1B-8DD0EC9ECB8E}\mpengine.dll
2012-10-03 07:35 . 2012-05-31 10:25	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-10-02 12:51 . 2012-10-04 15:16	--------	d-----w-	c:\users\Leila\AppData\Roaming\Media Player Classic
2012-10-02 12:49 . 2012-10-02 12:49	--------	d-----w-	c:\program files\MPC-HC
2012-10-02 12:35 . 2012-10-02 12:41	--------	d-----w-	c:\users\Leila\AppData\Roaming\vlc
2012-09-25 09:27 . 2012-09-25 09:27	--------	d-----w-	c:\program files\MSECache
2012-09-25 08:53 . 2012-09-25 08:53	--------	d-----w-	c:\programdata\Microsoft Help
2012-09-25 08:53 . 2012-09-25 08:53	--------	d-----w-	c:\users\Leila\AppData\Local\Microsoft Help
2012-09-24 19:25 . 2012-10-02 12:26	--------	d-----w-	c:\program files\VideoLAN
2012-09-22 14:55 . 2012-08-24 06:53	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-09-22 14:55 . 2012-08-24 06:51	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-09-19 20:39 . 2012-09-19 20:39	--------	d-----w-	c:\program files\Common Files\Skype
2012-09-12 06:41 . 2012-08-02 17:05	490496	----a-w-	c:\windows\system32\d3d10level9.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 10:01 . 2012-06-29 07:39	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-21 10:01 . 2011-05-30 18:02	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:10 . 2012-08-15 15:39	2344448	----a-w-	c:\windows\system32\win32k.sys
2012-09-06 01:26 . 2012-10-04 15:13	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-07-30 470176]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-07-30 289952]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"EPSON_UD_START"="c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" [2011-01-06 341416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe [2010-10-18 1021504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [x]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [x]
S3 LSM303DLH;STMicroelectronics™ 3-Achs Beschleunigungssensor/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14	141824	----a-w-	c:\windows\System32\wscript.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 10:01]
.
2011-05-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 21:47]
.
2012-10-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 21:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Free YouTube to MP3 Converter - c:\users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\SearchScopes\{31B85772-CDD9-4389-A02A-2388C71753F1}]
@DACL=(02 0000)
"DisplayName"="Bing"
"URL"="hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox"
"ShowSearchSuggestions"=dword:00000001
"FaviconURL"="hxxp://www.bing.com/favicon.ico"
"SuggestionsURL"="hxxp://api.bing.com/qsml.aspx?query={searchTerms}&src={referrer:source?}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Apple.com/iTunes,version=]
@DACL=(02 0000)
"Description"="iTunes Detektor-Plug-In"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Apple.com/iTunes,version=1.0]
@DACL=(02 0000)
"Path"="c:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll"
"XPTPath"="c:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.xpt"
"ProductName"="iTunes Programmdetektor"
"Version"="10.6.0.40"
"Vendor"="Apple Inc."
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Google.com/GoogleEarthPlugin]
@DACL=(02 0000)
"Vendor"="Google Inc."
"Description"="Google Earth in your browser"
"ProductName"="Google Earth Plug-in"
"Version"="1.0.0.0"
"EarthVersion"="6.2.2.6613"
"Path"="c:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@java.com/JavaPlugin]
@DACL=(02 0000)
"Description"="Oracle® Next Generation Java™ Plug-In"
"GeckoVersion"="1.9"
"Path"="c:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll"
"ProductName"="Oracle® Java™ Plug-In"
"Vendor"="Oracle Corp."
"Version"="160_22"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/GENUINE]
@DACL=(02 0000)
"Path"="disabled"
"GeckoVersion"="1.7.5"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
@DACL=(02 0000)
"Description"="Ag Player Plugin"
"GeckoVersion"="1.7.5"
"Path"="c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll"
"ProductName"="Ag Player"
"Vendor"="Microsoft"
"Version"="4.1"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0]
@DACL=(02 0000)
"Description"="Bing Bar"
"Path"="c:\\Program Files\\MSN Toolbar\\Platform\\6.0.2282.0\\npwinext.dll"
"Version"="5.0"
"GeckoVersion"="1.0"
"ProductName"="Bing Bar"
"Vendor"="Microsoft Corporation"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
@DACL=(02 0000)
@=""
"Description"="Microsoft SharePoint Plug-in for Firefox"
"Path"="c:\\PROGRA~1\\MICROS~4\\Office14\\NPSPWRAP.DLL"
"ProductName"="Microsoft SharePoint Plug-in for Firefox"
"Vendor"="Microsoft"
"Version"="14.0"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
@DACL=(02 0000)
"ProductName"="Virtual Earth 3D 4.0"
"Version"="4.0"
"Description"="Virtual Earth 3D"
"Vendor"="Microsoft"
"Path"="c:\\Program Files\\Virtual Earth 3D\\"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
@DACL=(02 0000)
"Path"="c:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll"
"Description"="WLPG Install MIME type"
"GeckoVersion"="1.0"
"ProductName"="Windows Live Photo Gallery"
"Version"="15.4.3502.0922"
"Vendor"="Microsoft"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
@DACL=(02 0000)
"Vendor"="Microsoft"
"Version"="15.4.3508.1109"
"ProductName"="Windows Live Photo Gallery"
"GeckoVersion"="1.0"
"Description"="WLPG Install MIME type"
"Path"="c:\\Program Files\\Windows Live\\Photo Gallery\\NPWLPG.dll"
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@tools.google.com/Google Update;version=9]
@DACL=(02 0000)
"Path"="c:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll"
"Description"="Google Update"
"ProductName"="Google Update"
"Vendor"="Google Inc."
"Version"="9"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
   00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
Zeit der Fertigstellung: 2012-10-05  13:12:26
ComboFix-quarantined-files.txt  2012-10-05 11:12
.
Vor Suchlauf: 13 Verzeichnis(se), 123.017.191.424 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 122.907.742.208 Bytes frei
.
- - End Of File - - F95D5FD7EC514EA2B81D5A280736A1D8
         
das starfenster ist noch immer da...

lg,
gesa

Es hat sich nur ein Log geöffnet. Was ist dieser C:\Qoobox\Add-Remove Programs.txt?

Alt 05.10.2012, 15:31   #8
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



1.
Firefox - Reste von Toolbars über about:config entfernen

Firefox starten
In die Adresszeile eingeben => about:config => Enter drücken
Bestätige, dass Du vorsichtig sein wirst.

Folgende Einstellungen sind nicht korrekt und müssen geändert werden:
Gib startfenster unter Filter ein.
Es erscheinen alle Zeilen, die das Suchwort enthalten.

Um die Einträge zurückzusetzen, einfach rechte Maustaste auf die einzelnen Zeilen und zurücksetzen wählen.
Wenn alle Zeilen zurückgesetzt sind, schließe den Tab von about:config.

Schaue auch unter Extras => Addons => Erweiterungen
Wenn da noch etwas von startfenster zu finden ist, bitte entfernen.

Ebenfalls unter Suchmaschinen verwalten schauen, ob Du da noch etwas von "startfenster" findest, ebenfalls dort entfernen und z. B. Google als Standard-Suchmaschine einstellen.


OTL entfernen und erneut herunterladen:

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Mache Häckchen bei LOP- und Purity-Prüfung
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Geändert von kira (05.10.2012 um 15:37 Uhr)

Alt 05.10.2012, 16:36   #9
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Die Otl.txt:

Code:
ATTFilter
OTL logfile created on: 05.10.2012 17:03:01 - Run 4
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,50% Memory free
3,98 Gb Paging File | 2,55 Gb Available in Paging File | 64,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 114,36 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Leila\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.)
PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Programme\syncables\syncables desktop\OTiSyncApp.exe (syncables, LLC)
PRC - C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll ()
MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\Programme\syncables\syncables desktop\2208TR.dll ()
MOD - C:\Programme\Dell\duo Stage\QtGui4.dll ()
MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtSql4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtCore4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Dell\duo Stage\QtXml4.dll ()
MOD - C:\Programme\Dell\duo Stage\kgl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EMP_UDSA) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (AtherosSvc) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\Leila\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (eppvad_simple) -- C:\Windows\System32\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.05 13:06:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.05 17:00:51 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.05 16:42:42 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012.10.05 13:12:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.05 12:48:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.05 12:48:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.05 12:48:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.05 12:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.05 12:47:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.05 12:14:33 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe
[2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc
[2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit
[2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September
[2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4}
[2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe
[2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe
[2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Leila\AppData\Roaming\xvid.exe
[2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.05 17:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.05 17:00:57 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.05 16:52:15 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.05 16:40:35 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.05 16:40:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.05 13:06:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.05 12:15:12 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe
[2012.10.05 11:39:03 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 11:39:03 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 11:38:40 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.05 11:38:40 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.05 11:38:40 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.05 11:38:40 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.05 11:31:13 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.05 12:48:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.05 12:48:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.05 12:48:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.05 12:48:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.05 12:48:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.24 12:14:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe
[2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft
[2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn
[2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy
[2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc
[2012.10.05 11:46:09 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client
[2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird
[2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP
[2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia
 
========== Purity Check ==========
 
 

< End of report >
         
und die Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 05.10.2012 17:03:02 - Run 4
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,50% Memory free
3,98 Gb Paging File | 2,55 Gb Available in Paging File | 64,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 114,36 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 8,06 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | 
"{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | 
"{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net  (06/04/2007 1.0.0.3)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"FastStone Image Viewer" = FastStone Image Viewer 4.4
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShapeCollage" = Shape Collage
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp 2.4.6.4
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2012 07:00:17 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:17:8790)(12000) libAsapi.DynamicLoadedPlugin
 - Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 03.10.2012 07:00:17 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:17:9410)(12000) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:31:4200)(12000) libKernelMode.ServiceManager
 - Error -- 543 Error 0x8 starting service 0: (Error#:8) : Für diesen Befehl ist
 nicht genügend Speicher verfügbar. 
 
Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:31:5760)(12000) libKernelMode.ServiceManager
 - Error -- 467 Service must be started before accessing driver 
 
Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:31:5760)(12000) libKernelMode.MemDriver - Error
 -- 44 Error reading physical memory: 0x0 
 
Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:31:6380)(12000) libPreEnumOem.SystemEnumerator
 - Error -- 92 SMBIOS total memory size is wrong - accessible physical memory is
 greater than installed memory. Falling back to Microsoft provided memory metric.
***
 Memory Metric Summary *** Total Physical Memory   (Windows) : 2035.87 MB Total Physical
 Memory   (SMBIOS)  : 0.00 MB  
 
Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.ServiceManager
 - Error -- 467 Service must be started before accessing driver 
 
Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.MemDriver - Error
 -- 44 Error reading physical memory: 0x0 
 
Error - 03.10.2012 07:04:30 | Computer Name = Leila-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\dell
 datasafe local backup\SftVss64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.10.2012 07:57:09 | Computer Name = Leila-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Dell Events ]
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.10.2012 05:51:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 04.10.2012 11:21:23 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 04.10.2012 11:31:47 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 05.10.2012 05:31:27 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 05.10.2012 05:31:52 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 05.10.2012 06:50:35 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 05.10.2012 06:57:40 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 05.10.2012 07:06:49 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 05.10.2012 09:40:39 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 05.10.2012 09:40:52 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 05.10.2012 10:40:25 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         

Alt 07.10.2012, 06:27   #10
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



entferne bitte OTL und lade es erneut herunter:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Mache Häckchen bei LOP- und Purity-Prüfung
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► Dein Problem besteht immer noch?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 07.10.2012, 18:15   #11
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Nein, das Startfenster kommt jetzt nicht mehr

Ist mein Computer jetzt geheilt?

Hier die Otl.txt

Code:
ATTFilter
OTL logfile created on: 07.10.2012 18:22:52 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,26% Memory free
3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 114,10 Gb Free Space | 40,26% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Leila\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.)
PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
PRC - C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros)
PRC - C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Programme\syncables\syncables desktop\OTiSyncApp.exe (syncables, LLC)
PRC - C:\Programme\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll ()
MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Programme\syncables\syncables desktop\2208TR.dll ()
MOD - C:\Programme\Dell\duo Stage\QtGui4.dll ()
MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtSql4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtCore4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Dell\duo Stage\QtXml4.dll ()
MOD - C:\Programme\Dell\duo Stage\kgl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EMP_UDSA) -- C:\Programme\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (AtherosSvc) -- C:\Programme\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Dell Wireless\Ath_CoexAgent.exe (Atheros)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Leila\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (eppvad_simple) -- C:\Windows\System32\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 F0 D0 45 A2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = ???????????????`?????´
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.05 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.05 11:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.05 11:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 17:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions
[2011.05.29 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.04 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions
[2012.07.26 11:20:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\f8jrqhns.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.04 17:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.05 13:06:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A2246E-FD4D-4D21-9BF3-C606FFDA07FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F81F09-06FE-41E7-8882-00D4E3834BC9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 18:21:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.07 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012.10.05 13:12:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.05 12:48:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.05 12:48:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.05 12:48:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.05 12:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.05 12:47:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.05 12:14:33 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe
[2012.10.04 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:34:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.04 15:56:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.04 12:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.04 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.04 12:46:19 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.04 09:16:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 09:35:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.10.02 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\Media Player Classic
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.02 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.02 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Roaming\vlc
[2012.10.02 14:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.02 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Dad&Sandy's visit
[2012.10.01 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\Leila\Desktop\Überraschungswochenende September
[2012.09.25 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\Microsoft Help
[2012.09.25 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.24 21:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.24 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Leila\AppData\Local\{2F6FC335-F107-463F-8D3C-2D6D2EA725D4}
[2012.09.22 16:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 16:56:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 16:56:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 16:56:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 16:56:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 16:56:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 16:56:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 16:55:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 22:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.12 08:41:32 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.04.24 12:15:15 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Leila\AppData\Roaming\SetupGFD.exe
[2012.04.24 12:14:50 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Leila\AppData\Roaming\ffdshow.exe
[2012.04.24 12:14:47 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Leila\AppData\Roaming\xvid.exe
[2012.04.24 12:14:13 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Leila\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 18:30:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.10.07 18:21:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leila\Desktop\OTL.exe
[2012.10.07 18:17:23 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:17:23 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:15:17 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 18:15:17 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 18:15:17 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 18:15:17 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 18:13:12 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.10.07 18:09:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 18:08:49 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.05 19:02:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.05 13:06:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.05 12:15:12 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Leila\Desktop\ComboFix.exe
[2012.10.04 17:18:18 | 000,104,324 | ---- | M] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:54 | 007,317,935 | ---- | M] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:34:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.04 16:34:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.04 16:13:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 12:49:00 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 12:46:42 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Leila\Desktop\ccsetup323.exe
[2012.10.04 09:16:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | M] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | M] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | M] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.02 08:53:40 | 000,268,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 11:22:33 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.21 12:01:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.21 12:01:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.10.05 12:48:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.05 12:48:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.05 12:48:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.05 12:48:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.05 12:48:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.04 17:18:08 | 000,104,324 | ---- | C] () -- C:\Users\Leila\Desktop\cc_20121004_171758.reg
[2012.10.04 17:13:10 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.04 17:13:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.04 17:04:32 | 007,317,935 | ---- | C] () -- C:\Users\Leila\Documents\Firefox 15.0.1 (de) - 2012-10-04.pcv
[2012.10.04 16:13:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.04 16:13:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 12:49:00 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.04 09:16:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 18:58:59 | 000,302,592 | ---- | C] () -- C:\Users\Leila\Desktop\deeqm0ze.exe
[2012.10.02 17:43:45 | 000,000,000 | ---- | C] () -- C:\Users\Leila\defogger_reenable
[2012.10.02 14:49:54 | 000,001,833 | ---- | C] () -- C:\Users\Leila\Desktop\MPC-HC.lnk
[2012.10.02 14:28:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.10 11:29:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.04.24 12:18:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.24 12:18:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.24 12:18:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.24 12:14:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Leila\AppData\Roaming\AvsP.exe
[2011.05.30 17:38:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.30 13:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 10:32:21 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.26 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoft
[2012.07.26 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.01 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ImgBurn
[2012.07.26 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\OpenCandy
[2012.03.03 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\ProtectDisc
[2012.10.05 19:04:48 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\SoftGrid Client
[2011.05.29 14:40:53 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\Thunderbird
[2011.06.13 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TP
[2012.07.26 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Leila\AppData\Roaming\TuneUpMedia
 
========== Purity Check ==========
 
 

< End of report >
         
und die Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 07.10.2012 18:22:52 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leila\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,26% Memory free
3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 114,10 Gb Free Space | 40,26% Space Free | Partition Type: NTFS
 
Computer Name: LEILA-PC | User Name: Leila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13BD02B6-CEC7-4A20-9A59-F5F8747324FD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16995652-6CE8-40AE-BD3A-54714A7E2CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{184A3598-A9CE-474F-AE80-7B42530D2E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{18A43722-045D-41E7-B868-A283EFC34CD9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A83F28E-B675-48EE-B3BF-EF175953E6A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F1B9261-1DFA-4BB0-B0CF-1DEA7A65DAC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2163AC05-B352-4F9E-8C00-3C126BBB0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{255A242A-1255-413B-9A1A-82D77BC4846F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25F3875D-380C-4A49-A34D-178776C02C6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{33FFB51B-4E91-4030-BF6B-2AD10AE210A7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{38FF7A8F-5171-47C1-9345-3D96148C0C00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B6FDFA6-79FA-43AE-9629-D8FFBE2E9936}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51309E94-2AD6-4434-8796-ABE0FBB0E738}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A9799E2-6BB1-4218-B7D1-13A94768ED88}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D0891B7-7DF5-4605-8778-D476CA7A4625}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7FBB580A-26E0-480B-A909-0F5AC4147B54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FD770F2-D6BE-41BB-912C-92D2AC9F8F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8510E887-D88B-4DF6-9BD0-366638B432E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89DDC746-9FCC-438C-8D7D-AB5E2B51F612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A404EDD4-6D12-44F1-9468-63D54C30DFEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0FAA845-0359-4E15-860F-7504F22E1019}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C2D69B7B-5E07-4A9C-B704-27DD3AE6275A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D34AD8B6-52C2-4EF6-9A3B-8C1D410AF7E5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{D6540783-DAA1-438C-8BFC-687C179D609C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D69DEE43-D94F-4B6C-8DB9-6D98F819B224}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DD0D5325-7299-4638-B4AD-C2B1E863123E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2A33CDD-9D50-45F2-BA1F-79089A177C4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EBD73-AE94-4DCC-9A1B-592FDA3C987C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A1335CF-B558-4F65-8F7E-382B5F39EBF7}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{344A6C91-94AB-46BE-9015-E5F3FDDEB490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FA0F4CE-7803-4A14-B772-B9F16B222DEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{424CAA5C-F2C3-4499-B015-C89B24E658B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{453E2838-329C-41E0-BCD2-E6D2A05A6137}" = protocol=6 | dir=out | app=system | 
"{51F12C8F-B739-45AA-86F5-31AE1AB1E0D8}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{5FB23434-966A-422A-99EF-A7EDCD759476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65DB1064-D03F-4215-B263-4D4AF6389BC5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{67ED1740-3759-4682-9019-1A205AA7C7B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{684119CD-CC5E-42AF-8E95-A9CF679A6EFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7AC2F34A-8D9C-4742-937D-4CFD2B1EEE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BEF1326-633B-4059-94F6-BC4E9D992B0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80672E0F-4323-439C-A0E9-ACE11A81A153}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A0F3812-8B58-4D7B-BC7B-2A67078C2175}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | 
"{8E313E11-B64E-442B-B338-B1F7823C7AAE}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{926F6C87-454D-407E-AE4E-B359171CC8D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{949B39EA-23BD-479A-83C0-96EA13A7DF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94DC0CBE-ADC5-438A-BC35-50E9BFBBE58E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C331A74-FC79-4FDF-B5FF-AB88E40C1C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F4A2012-5786-4421-8443-6380382B97DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9C72912-E1AE-4E83-AD2E-BEA46CDA3DB6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{BAA32216-6986-451D-8461-2F64496FB565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EA38FDED-79EF-45D6-93BF-BD62296D3227}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB1E2219-C305-4BAB-B880-7045585715B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE136E33-DD36-48B8-A17A-B3F08048B8C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4923AD2-523A-4A8E-86E0-7DEBA8E7299B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FC664F61-C5F0-4F68-83FC-CD0F77AEE7C6}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{FF7B50C7-7E5B-4CD3-B152-5F4BDB0C200F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4F233CBB-2507-4A26-81EE-6022D2FE9F5D}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{06DFCF56-C680-428C-819D-5A367DECD5B6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{616AF091-D73C-481B-9113-FD758EB2F50A}" = MusicStage
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"0BAED083C44E7385DDEF7055043302B191E27BA9" = Windows-Treiberpaket - Sitecom Europe BV (MOSUMAC) Net  (06/04/2007 1.0.0.3)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"FastStone Image Viewer" = FastStone Image Viewer 4.4
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ShapeCollage" = Shape Collage
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUpMedia" = TuneUp 2.4.6.4
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:31:5760)(12000) libKernelMode.MemDriver - Error
 -- 44 Error reading physical memory: 0x0 
 
Error - 03.10.2012 07:00:31 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:00:31:6380)(12000) libPreEnumOem.SystemEnumerator
 - Error -- 92 SMBIOS total memory size is wrong - accessible physical memory is
 greater than installed memory. Falling back to Microsoft provided memory metric.
***
 Memory Metric Summary *** Total Physical Memory   (Windows) : 2035.87 MB Total Physical
 Memory   (SMBIOS)  : 0.00 MB  
 
Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.ServiceManager
 - Error -- 467 Service must be started before accessing driver 
 
Error - 03.10.2012 07:01:34 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (12000) Asapi: (13:01:34:0470)(12000) libKernelMode.MemDriver - Error
 -- 44 Error reading physical memory: 0x0 
 
Error - 03.10.2012 07:04:30 | Computer Name = Leila-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\dell
 datasafe local backup\SftVss64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.10.2012 07:57:09 | Computer Name = Leila-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.10.2012 03:23:21 | Computer Name = Leila-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 04.10.2012 07:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (16056) Asapi: (13:00:07:2540)(16056) libAsapi.DynamicLoadedPlugin
 - Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 04.10.2012 07:00:07 | Computer Name = Leila-PC | Source = PC-Doctor | ID = 1
Description = (16056) Asapi: (13:00:07:2690)(16056) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 04.10.2012 08:15:22 | Computer Name = Leila-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\dell
 datasafe local backup\SftVss64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Dell Events ]
Error - 28.09.2012 13:57:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 28.09.2012 14:28:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.10.2012 14:42:03 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 04.10.2012 11:25:27 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.10.2012 05:34:56 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.10.2012 05:51:07 | Computer Name = Leila-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 05.10.2012 09:40:52 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 05.10.2012 10:40:25 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 05.10.2012 15:10:42 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 05.10.2012 15:11:05 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 06.10.2012 05:18:50 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 06.10.2012 05:19:14 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.10.2012 07:36:12 | Computer Name = Leila-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 07.10.2012 07:36:35 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.10.2012 12:10:10 | Computer Name = Leila-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.10.2012 12:10:14 | Computer Name = Leila-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         

Alt 07.10.2012, 19:24   #12
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
CHR - homepage: http://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - homepage: http://www.startfenster.com
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

ansonsten das Log sieht gut aus. sonst noch Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 07.10.2012, 21:06   #13
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Ne, sonst hab ich keine Probleme mehr.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Leila\Desktop\cmd.bat deleted successfully.
C:\Users\Leila\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Leila
->Temp folder emptied: 261830 bytes
->Temporary Internet Files folder emptied: 571407 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57697864 bytes
->Google Chrome cache emptied: 6119168 bytes
->Flash cache emptied: 660 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119054329 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 175,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10072012_215721

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ scheduled to be deleted on reboot.
         

Alt 08.10.2012, 13:18   #14
kira
/// Helfer-Team
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



** Lass dein System in der nächste Zeit noch unter Beobachtung!
wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes:

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
         
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes: also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► für Win 7 das Service Pack 1 bitte aufspielen!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
-> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt

Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!
Zitat:
Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
    - Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Während der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    so wird oft Art von Adware/Spyware mitinstalliert!
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
    - Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 08.10.2012, 20:48   #15
EmHe
 
starterfenster.com nach vlc player download von vlc.de - Standard

starterfenster.com nach vlc player download von vlc.de



Liebe Kira, so werd ich's machen. Aber schonmal vielen, vielen lieben Dank für die Hilfe!
Es ist echt super, dass ihr diese Hilfe im Internet anbietet! -Ich wäre da sonst nicht durchgestiegen
Also: Danke, danke, danke!

Lieben Gruß,
Gesa

Antwort

Themen zu starterfenster.com nach vlc player download von vlc.de
192.168.0.2, 7-zip, adobe, adware/adware.gen, antivirus, autorun, avg, avira, bho, bonjour, converter, defender, desktop, firefox, flash player, format, helper, home, lightning, logfile, mozilla, mp3, plug-in, popup, realtek, scan, security, usb, wlan, www.startfenster.com




Ähnliche Themen: starterfenster.com nach vlc player download von vlc.de


  1. Download-Player.com entfernen
    Anleitungen, FAQs & Links - 11.06.2014 (2)
  2. Umleitung auf sm.de nach Installation VCL-Player
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (8)
  3. Nach VLC-Player Installation habe ich SM.de als Suchmaschine
    Log-Analyse und Auswertung - 19.03.2014 (9)
  4. Windows XP: Schadsoftware durch VLC-Player-Download
    Plagegeister aller Art und deren Bekämpfung - 27.02.2014 (3)
  5. Schadsoftware durch VLC-Player-Download
    Plagegeister aller Art und deren Bekämpfung - 11.01.2014 (12)
  6. Windows 8.1: Browserstartseite wird durch Startfenster.de umgeleitet nach VLC Player download
    Log-Analyse und Auswertung - 03.01.2014 (16)
  7. flash player required for this website, click download now - Internetseite (meine) kann nicht betreten werden
    Plagegeister aller Art und deren Bekämpfung - 22.12.2013 (9)
  8. Nach Download einer Amazon-Rechnung (nicht geöffnet) TR/Buzus Trojaner per Avira gefunden nach Virenprüfung hier der Bericht
    Log-Analyse und Auswertung - 16.09.2013 (6)
  9. startfenster.com Windows 8 vcl player download
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (17)
  10. Startfenster.com nach vlc.player download
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (2)
  11. Nach VLC-Player Installation von Vlc.de Problem mit www.startfenster.com
    Log-Analyse und Auswertung - 22.10.2012 (14)
  12. startfenster.de nach vlc-player installation von vlc.de
    Log-Analyse und Auswertung - 05.10.2012 (9)
  13. Nach Download VLC-Player erscheint startfenster.com
    Log-Analyse und Auswertung - 28.09.2012 (7)
  14. startfenster.com nach VLC-Player Download
    Log-Analyse und Auswertung - 27.09.2012 (18)
  15. Startfenster.com nach VLC-Player Download
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (29)
  16. antivir findet trojaner nach download, ist mein pc sicher nach Dateilöschung
    Log-Analyse und Auswertung - 19.02.2010 (11)
  17. Nach Flash Player Download kann ich keine runtergeladen exe-dateien mehr öffnen!
    Plagegeister aller Art und deren Bekämpfung - 09.06.2008 (3)

Zum Thema starterfenster.com nach vlc player download von vlc.de - Hallo zusammen! Blöderweise habe ich, wie viele andere hier, den vlc player von vlc.de runtergeladen und jetzt öffnet sich immer www.startfenster.com, wenn ich Mozilla oder GoogleChrome öffne. Ich habe den - starterfenster.com nach vlc player download von vlc.de...
Archiv
Du betrachtest: starterfenster.com nach vlc player download von vlc.de auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.