GVU "ihr computer wurde gesperrt"

cosinus · 23.12.2012, 22:13

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

showmaker · 23.12.2012, 22:27

ich habe alles fenster und programme geschlossen. und den CF geöffnet. Er hat mich darauf hingewiesen dass Avast Antivirus noch läuft und evtl die Arbeit von CF behindern kann. Wie du es auch schon angekündigt hast. Bevor ich auf Ok klicke soll ich also dieses Programm beenden. Ich finde aber nicht wo. Unten rechts in der Leiste wird mir das Avast symbol nicht angezeigt. Im task manager unter anwendungen und prozesse taucht es auch nicht auf. Unter Dienste wird mir der status avast antivirus mit beendet angezeigt.

habe es jetzt hinbekommen

hier der cf log

Code:

ATTFilter

ComboFix 12-12-23.01 - Jonas 24.12.2012   0:23.1.2 - x86 NETWORK
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.49.1033.18.1917.1387 [GMT 1:00]
ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Jonas\AppData\Roaming\ImgBurn.exe
c:\users\Jonas\AppData\Roaming\Local
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\b7e86afd0b5e5248fc837c745a35c344.ddr
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\FILE4D5EC042E7FFA.plong.ddr
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\sight_sbrueder_extended_cd1.avi.ddr
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b7e86afd0b5e5248fc837c745a35c344
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong(2).ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong(3).ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong(4).ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4BA175F8ECDE7.plong.ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D5EC042E7FFA.plong.ddp
c:\users\Jonas\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\sight_sbrueder_extended_cd1.avi
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\Jonas\AppData\Roaming\yuvcodecs-1.3.exe
c:\users\Jonas\wgsdgsdgdsgsd.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 23:31 . 2012-12-23 23:32	--------	d-----w-	c:\users\Jonas\AppData\Local\temp
2012-12-23 23:31 . 2012-12-23 23:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 23:20 . 2012-12-23 23:20	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF01631D-13B0-4846-811B-76EBCF0BD717}\offreg.dll
2012-12-23 19:03 . 2012-12-23 19:03	--------	d-----w-	C:\_OTL
2012-12-21 22:01 . 2012-12-21 22:02	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-12-21 19:53 . 2012-12-21 19:53	2889	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 15:12 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF01631D-13B0-4846-811B-76EBCF0BD717}\mpengine.dll
2012-12-17 21:22 . 2012-11-22 07:43	2344960	----a-w-	c:\windows\system32\win32k.sys
2012-12-17 21:20 . 2012-09-06 16:48	245616	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-17 21:20 . 2012-11-09 04:49	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 21:50 . 2012-04-01 12:21	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-17 21:50 . 2011-05-17 16:22	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-07-12 06:52	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-12 06:52	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-12 06:52	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-12 06:52	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-07-12 06:52	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-12 06:52	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-12 06:52	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-23 19:45 . 2012-10-23 19:45	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-23 19:45 . 2010-04-19 08:13	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-16 20:34 . 2012-12-17 21:21	559104	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-07-12 06:52	44784	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-02 18:58 . 2012-07-03 08:23	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-25 21:55 . 2012-11-17 13:03	78336	----a-w-	c:\windows\system32\synceng.dll
2012-07-18 20:29 . 2011-05-07 07:58	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPhoneExplorer.lnk]
path=c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPhoneExplorer.lnk
backup=c:\windows\pss\MyPhoneExplorer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 20:43	926896	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2011-09-09 09:09	523216	----a-w-	c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	----a-w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Realtime Audio Engine"="mmrtkrnl.exe" /i
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Skytel"=Skytel.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [x]
R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:50]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 16:03]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 16:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mydrive.ch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\
FF - prefs.js: browser.startup.homepage - spiegelonline.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-24  00:34:17
ComboFix-quarantined-files.txt  2012-12-23 23:34
.
Vor Suchlauf: 3.685.961.728 Bytes frei
Nach Suchlauf: 3.580.018.688 Bytes frei
.
- - End Of File - - D14A6179200C460520686E6F089B8263

cosinus · 24.12.2012, 15:58

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

showmaker · 24.12.2012, 20:10

Code:

ATTFilter

# AdwCleaner v2.102 - Logfile created 12/24/2012 at 20:07:14
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\searchplugins\11-suche.xml
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\Users\Jonas\AppData\Local\Ilivid Player
Folder Found : C:\Users\Jonas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jonas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitCommon
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitEngine
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\CT2319825
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\WinampToolbarData

***** [Registry] *****

Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", false);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "22-5-2012");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Tue May 22 2012 15:16:25 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.FirstServerDate", "25-12-2010");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FirstTimeSettingsDone", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", false);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2319825.InstallationType", "Unknown");
Found : user_pref("CT2319825.InstalledDate", "Sat Dec 25 2010 21:16:20 GMT+0100");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", true);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_2.7.2.0", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.LastLogin_3.12.2.3", "Tue May 22 2012 20:44:01 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.12.2.3");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.LoginCache", 4);
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioShrinked", "shrinked");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2319825.SettingsLastCheckTime", "Tue May 22 2012 20:44:00 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sat Dec 25 2010 21:16:15 GMT+0100");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2319825.ToolbarDisabled", true);
Found : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.UserID", "UN38099116315418047");
Found : user_pref("CT2319825.ValidationData_Toolbar", 1);
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "32363338343838");
Found : user_pref("CT2319825.clientLogIsEnabled", false);
Found : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.revertSettingsEnabled", true);
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"1-194[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:17:48 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:17:34 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{f348f11a-3bf6-4b55-b8d6-7e71fcc48427}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "027e544e-1419-4d9d-aa89-c43f80750bed");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 10:20:01 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN47740451014137897");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15358 octets] - [24/12/2012 20:07:14]

########## EOF - C:\AdwCleaner[R1].txt - [15419 octets] ##########

cosinus · 26.12.2012, 21:17

Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

showmaker · 26.12.2012, 21:34

ich hatte awd cleaner vorher nicht. hatte also letztes mal eigtl die neue/aktuelle version runtergeladen. habe die exe datei jetzt aber wieder gelöscht und bin dann wieder dem link gefolgt und habe es neu heruntergeladen. hier die log. falls ich was falsch gemacht hab sag mir bitte noch mal bescheid.

Code:

ATTFilter

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 21:31:50
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\searchplugins\11-suche.xml
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\Users\Jonas\AppData\Local\Ilivid Player
Folder Found : C:\Users\Jonas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jonas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\Conduit
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitCommon
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitEngine
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\CT2319825
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\WinampToolbarData

***** [Registry] *****

Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", false);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "22-5-2012");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Tue May 22 2012 15:16:25 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.FirstServerDate", "25-12-2010");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FirstTimeSettingsDone", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", false);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2319825.InstallationType", "Unknown");
Found : user_pref("CT2319825.InstalledDate", "Sat Dec 25 2010 21:16:20 GMT+0100");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", true);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_2.7.2.0", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CT2319825.LastLogin_3.12.2.3", "Tue May 22 2012 20:44:01 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.12.2.3");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.LoginCache", 4);
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioShrinked", "shrinked");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Found : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2319825.SettingsLastCheckTime", "Tue May 22 2012 20:44:00 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sat Dec 25 2010 21:16:15 GMT+0100");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2319825.ToolbarDisabled", true);
Found : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.UserID", "UN38099116315418047");
Found : user_pref("CT2319825.ValidationData_Toolbar", 1);
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Fri Jan 07 2011 00:40:00 GMT+0100");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "32363338343838");
Found : user_pref("CT2319825.clientLogIsEnabled", false);
Found : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.revertSettingsEnabled", true);
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Found : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"1-194[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:17:48 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:17:34 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{f348f11a-3bf6-4b55-b8d6-7e71fcc48427}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 07 2011 00:39:59 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "027e544e-1419-4d9d-aa89-c43f80750bed");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 10:20:01 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN47740451014137897");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 09:12:44 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15489 octets] - [24/12/2012 20:07:14]
AdwCleaner[R2].txt - [15419 octets] - [26/12/2012 21:31:50]

########## EOF - C:\AdwCleaner[R2].txt - [15480 octets] ##########

cosinus · 26.12.2012, 22:03

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

showmaker · 26.12.2012, 22:46

Adw

Code:

ATTFilter

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 22:08:16
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Enterprise  (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\searchplugins\11-suche.xml
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\Users\Jonas\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Jonas\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jonas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\Conduit
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitCommon
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\ConduitEngine
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\CT2319825
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\WinampToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js

Deleted : user_pref("CT2319825..clientLogIsEnabled", false);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CTID", "CT2319825");
Deleted : user_pref("CT2319825.CurrentServerDate", "22-5-2012");
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Tue May 22 2012 15:16:25 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 07 2011 00:39:59 GMT+0100");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 07 2011 00:40:00 GMT+0100");
Deleted : user_pref("CT2319825.FirstServerDate", "25-12-2010");
Deleted : user_pref("CT2319825.FirstTime", true);
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2319825.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2319825.InstallationType", "Unknown");
Deleted : user_pref("CT2319825.InstalledDate", "Sat Dec 25 2010 21:16:20 GMT+0100");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", true);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_2.7.2.0", "Fri Jan 07 2011 00:39:59 GMT+0100");
Deleted : user_pref("CT2319825.LastLogin_3.12.2.3", "Tue May 22 2012 20:44:01 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.LoginCache", 4);
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 07 2011 00:40:00 GMT+0100");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Deleted : user_pref("CT2319825.RadioShrinked", "shrinked");
Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Tue May 22 2012 16:40:20 GMT+0200");
Deleted : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Tue May 22 2012 20:44:00 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sat Dec 25 2010 21:16:15 GMT+0100");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2319825.ToolbarDisabled", true);
Deleted : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2319825.UserID", "UN38099116315418047");
Deleted : user_pref("CT2319825.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Fri Jan 07 2011 00:40:00 GMT+0100");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "32363338343838");
Deleted : user_pref("CT2319825.clientLogIsEnabled", false);
Deleted : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.initDone", true);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.revertSettingsEnabled", true);
Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue May 22 2012 16:40:23 GMT+0200");
Deleted : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"1-194[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:17:48 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:17:34 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{f348f11a-3bf6-4b55-b8d6-7e71fcc48427}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 07 2011 00:39:59 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "027e544e-1419-4d9d-aa89-c43f80750bed");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 10:20:01 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 11");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 09:12:44 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 09:12:44 GMT+0100");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 09:12:42 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN47740451014137897");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 09:12:43 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 09:12:44 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Opera v [Unable to get version]

File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15489 octets] - [24/12/2012 20:07:14]
AdwCleaner[R2].txt - [15550 octets] - [26/12/2012 21:31:50]
AdwCleaner[S1].txt - [15711 octets] - [26/12/2012 22:08:16]

########## EOF - C:\AdwCleaner[S1].txt - [15772 octets] ##########

OTL.txt

Code:

ATTFilter

OTL logfile created on: 26.12.2012 22:34:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,15% Memory free
3,74 Gb Paging File | 3,30 Gb Available in Paging File | 88,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,44 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation)
DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.25 21:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.24 20:05:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2012.09.23 21:43:40 | 000,208,008 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.24 20:05:30 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.24 00:31:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000..\RunOnce: [Report] C:\AdwCleaner[S1].txt File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000076 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000078 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000080 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000081 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000082 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000083 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000084 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000086 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000087 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000088 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000089 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000090 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000091 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000092 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000093 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000094 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000095 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000096 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000097 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000098 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp
[2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.05.07 10:35:08 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
[2012.05.07 10:34:41 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Jonas\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.26 22:15:29 | 000,659,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.26 22:15:29 | 000,623,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.26 22:15:29 | 000,133,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.26 22:15:29 | 000,109,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.26 22:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.26 22:10:59 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 22:10:00 | 000,449,895 | ---- | M] () -- C:\SiSKmd_1.dmp
[2012.12.26 21:31:15 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.24 00:31:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | M] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 22:45:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.21 20:53:21 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 20:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 07:33:06 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.17 22:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.26 22:09:52 | 000,449,895 | ---- | C] () -- C:\SiSKmd_1.dmp
[2012.12.26 21:31:09 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | C] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2012.05.07 10:36:14 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.05.07 10:34:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Jonas\AppData\Roaming\AvsP.exe
[2012.05.07 10:34:57 | 001,357,348 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
[2012.04.11 17:31:41 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

otlextras

Code:

ATTFilter

OTL Extras logfile created on: 26.12.2012 22:34:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,15% Memory free
3,74 Gb Paging File | 3,30 Gb Available in Paging File | 88,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,44 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system | 
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system | 
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system | 
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system | 
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system | 
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -     Unable 
to contact server..  
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -     Unable 
to contact server..  
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -     Unable 
to contact server..  
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -     Unable 
to contact server..  
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -     Unable 
to contact server..  
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -     Unable 
to contact server..  
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -     Unable 
to contact server..  
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -     Unable 
to contact server..  
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -     Unable 
to contact server..  
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 79696 seconds with 7980 seconds of active time.  This session ended with 
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.12.2012 17:27:38 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:32:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:32:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:32:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:34:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:34:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:34:18 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:39:24 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:39:24 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 17:39:24 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

habe den browser geschlossen gehabt und sonst auch alles. bin ich es schuld dass es zu so vielen error meldungen gekommen ist?

cosinus · 27.12.2012, 08:59

Wieso bist du denn noch die ganze Zeit im abgesicherten Modus drin?!
Geht der normale Modus immer noch nicht oder hast du den noch nicht getestet bisher?

showmaker · 27.12.2012, 09:22

hatte ich mich bisher nicht getraut. bin jetzt im normalen modus drin und die meldung öffnet sich nicht mehr.

cosinus · 27.12.2012, 09:42

Dann mach bitte im normalen Modus das Log mit OTL

showmaker · 27.12.2012, 10:04

otl

Code:

ATTFilter

OTL logfile created on: 27.12.2012 09:46:52 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,69% Memory free
3,74 Gb Paging File | 2,83 Gb Available in Paging File | 75,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,06 Gb Free Space | 10,38% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt ()
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation)
DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01  [binary data]
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions
[2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com
[2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi
[2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml
[2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml
[2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml
[2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml
[2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml
[2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.24 00:31:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp
[2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles
[2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.05.07 10:35:08 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
[2012.05.07 10:34:41 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Jonas\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 09:49:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 09:24:54 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 09:24:54 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 09:22:13 | 000,659,982 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 09:22:13 | 000,623,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 09:22:13 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 09:22:13 | 000,109,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 09:15:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 09:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 09:14:21 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 21:31:15 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.24 00:31:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | M] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 07:33:06 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.17 22:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:31:09 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 22:03:51 | 000,000,512 | ---- | C] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2012.05.07 10:36:14 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.05.07 10:34:59 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Jonas\AppData\Roaming\AvsP.exe
[2012.05.07 10:34:57 | 001,357,348 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
[2012.04.11 17:31:41 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

extras

Code:

ATTFilter

OTL Extras logfile created on: 27.12.2012 09:46:52 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,69% Memory free
3,74 Gb Paging File | 2,83 Gb Available in Paging File | 75,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,06 Gb Free Space | 10,38% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system | 
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system | 
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system | 
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system | 
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system | 
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
 Zeitstempel: 0x4e051153  Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
 Zeitstempel: 0x4e050fc7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a631ab  ID des fehlerhaften
 Prozesses: 0xf50  Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 23b37e5e-c686-11e0-bb3e-00030d9779cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.12.2012 04:15:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet.  20:58:19 -     Unable 
to contact server..  
 
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet.  20:58:28 -     Unable 
to contact server..  
 
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet.  09:43:14 -     Unable 
to contact server..  
 
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet.  20:38:54 -     Unable 
to contact server..  
 
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet.  20:38:59 -     Unable 
to contact server..  
 
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -     Unable 
to contact server..  
 
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet.  22:00:27 -     Unable 
to contact server..  
 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet.  20:33:18 -     Unable 
to contact server..  
 
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet.  20:33:23 -     Unable 
to contact server..  
 
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 79696 seconds with 7980 seconds of active time.  This session ended with 
a crash.
 
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 37455 seconds with 720 seconds of active time.  This session ended with a
 crash.
 
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 754 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.12.2012 19:16:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 19:16:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 19:16:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 19:18:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 19:18:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.12.2012 19:18:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.12.2012 04:15:03 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.12.2012 04:15:04 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
 Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1068
 
Error - 27.12.2012 04:15:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 27.12.2012 04:18:34 | Computer Name = Jonas-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

cosinus · 27.12.2012, 10:13

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:Files
C:\Windows\System32\uninstHelixYUV.exe
C:\Users\Jonas\AppData\Roaming\AvsP.exe
C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
C:\Users\Jonas\Desktop\MBR.dat
C:\ProgramData\dsgsdgdsgdsgw.*
C:\Windows\System32\sysmwwod.dll
C:\Users\Jonas\AppData\Roaming\SetupGFD.exe
C:\Users\Jonas\AppData\Roaming\Avisynth.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

showmaker · 27.12.2012, 10:45

Code:

ATTFilter

All processes killed
========== FILES ==========
C:\Windows\System32\uninstHelixYUV.exe moved successfully.
C:\Users\Jonas\AppData\Roaming\AvsP.exe moved successfully.
C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe moved successfully.
C:\Users\Jonas\Desktop\MBR.dat moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Windows\System32\sysmwwod.dll moved successfully.
C:\Users\Jonas\AppData\Roaming\SetupGFD.exe moved successfully.
C:\Users\Jonas\AppData\Roaming\Avisynth.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jonas\Desktop\cmd.bat deleted successfully.
C:\Users\Jonas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 36085 bytes
->Temporary Internet Files folder emptied: 10350368 bytes
->Java cache emptied: 1431690 bytes
->FireFox cache emptied: 109548135 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2851 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 329309 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 116,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12272012_104100

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 27.12.2012, 10:56

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

27.12.2012, 08:59	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU "ihr computer wurde gesperrt" Wieso bist du denn noch die ganze Zeit im abgesicherten Modus drin?! Geht der normale Modus immer noch nicht oder hast du den noch nicht getestet bisher? __________________ Logfiles bitte immer in CODE-Tags posten

27.12.2012, 09:42	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU "ihr computer wurde gesperrt" Dann mach bitte im normalen Modus das Log mit OTL __________________ Logfiles bitte immer in CODE-Tags posten

GVU "ihr computer wurde gesperrt"

Log-Analyse und Auswertung: GVU "ihr computer wurde gesperrt"