Auf Vista pup.installbrain und pup.dealio.TB gefunden!

Knirschi · 21.01.2013, 22:26

Liebes Forum!

Problem:
Nachdem meiin Medion Notebook nicht nur langsam ist, sondern ich seit längerem auch mit einem springenden Cursor kämpfe, der beim Schreiben zu Zeilensprüngen führt, gab es seit einigen Tagen Probleme Dateien zu öffnen. Es erschien das Fenster "Speichern unter" anstatt die Datei zu öffnen. Auf anderem Pfad konnte die Datei noch geöffnet werden. Jetzt ist sie unter dem normalen Pfad nicht zu finden und das "speichern unter"-Fenster erscheint auch bei anderen Dateien.

Was hab ich gemacht:
Gestern hab ich recherchiert und bin auf diese Seite gestoßen. Ich habe die Malwarebytes runtergeladen, auf dem einfachen Modus gescannt und es wurden zunächst zwei Dateien entdeckt, beide pup.installbrain.
Ich hab sie vor Schreck gleich gelöscht

; aber die Logdatei ist ja noch da, glaub ich.
Vorher ließ ich den CCleaner laufen (mach ich regelmäßig). Und dann hab ich gestern auch noch Daten gesichert, das hab ich aber abgebrochen. Ich hab auch McAfee gelöscht (Ich hab Antivir Premium) und babylon toolbar und weitere unnötige Programme deinstalliert. Ich glaube, alles vor den Malwarebytes.

Was hab ich gestern zuletzt gemacht:
Bei einem kompletten Durchgang von Malwarbytes wurde noch pup.dealio.TB entdeckt. Da das in einer windows.old Datei ist, würde ich die beim Neustart auch wieder bekommen? Ich hab das Log kopiert und den PC heute morgen ausgemacht.

Jetzt versuch ich euren Anleitungen zu folgen...und die Logdateien an die richtige Stelle zu kopieren. Soll ja nicht in den Anhang, oder? Es folgen 5 Logdateien für 2 Durchgänge. Ich schick das mal so ab und hole mir dann den defogger und OTL...
Danke für eure Hilfe im Voraus!

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kathrin :: KATHRIN-PC [Administrator]

Schutz: Aktiviert

20.01.2013 22:46:38
mbam-log-2013-01-20 (22-46-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191769
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
/code

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kathrin :: KATHRIN-PC [Administrator]

Schutz: Aktiviert

20.01.2013 23:01:30
mbam-log-2013-01-20 (23-01-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435919
Laufzeit: 3 Stunde(n), 21 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows.old\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kathrin :: KATHRIN-PC [Administrator]

Schutz: Aktiviert

20.01.2013 23:01:30
MBAM-log-2013-01-21 (05-52-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435919
Laufzeit: 3 Stunde(n), 21 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows.old\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Keine Aktion durchgeführt.

(Ende)
2013/01/20 22:45:41 +0100 KATHRIN-PC Kathrin MESSAGE Executing scheduled update: Daily
2013/01/20 22:45:47 +0100 KATHRIN-PC Kathrin MESSAGE Starting protection
2013/01/20 22:45:47 +0100 KATHRIN-PC Kathrin MESSAGE Protection started successfully
2013/01/20 22:45:47 +0100 KATHRIN-PC Kathrin MESSAGE Starting IP protection
2013/01/20 22:45:52 +0100 KATHRIN-PC Kathrin MESSAGE IP Protection started successfully
2013/01/20 22:45:58 +0100 KATHRIN-PC Kathrin MESSAGE Starting database refresh
2013/01/20 22:45:58 +0100 KATHRIN-PC Kathrin MESSAGE Stopping IP protection
2013/01/20 22:45:58 +0100 KATHRIN-PC Kathrin MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2013.01.20.07
2013/01/20 22:45:58 +0100 KATHRIN-PC Kathrin MESSAGE IP Protection stopped successfully
2013/01/20 22:46:02 +0100 KATHRIN-PC Kathrin MESSAGE Database refreshed successfully
2013/01/20 22:46:02 +0100 KATHRIN-PC Kathrin MESSAGE Starting IP protection
2013/01/20 22:46:05 +0100 KATHRIN-PC Kathrin MESSAGE IP Protection started successfully
2013/01/20 22:46:08 +0100 KATHRIN-PC Kathrin MESSAGE Starting database refresh
2013/01/20 22:46:08 +0100 KATHRIN-PC Kathrin MESSAGE Stopping IP protection
2013/01/20 22:46:08 +0100 KATHRIN-PC Kathrin MESSAGE IP Protection stopped successfully
2013/01/20 22:46:13 +0100 KATHRIN-PC Kathrin MESSAGE Database refreshed successfully
2013/01/20 22:46:13 +0100 KATHRIN-PC Kathrin MESSAGE Starting IP protection
2013/01/20 22:46:18 +0100 KATHRIN-PC Kathrin MESSAGE IP Protection started successfully
2013/01/20 22:54:41 +0100 KATHRIN-PC (null) MESSAGE Starting protection
2013/01/20 22:54:41 +0100 KATHRIN-PC (null) MESSAGE Protection started successfully
2013/01/20 22:54:41 +0100 KATHRIN-PC (null) MESSAGE Starting IP protection
2013/01/20 22:54:46 +0100 KATHRIN-PC (null) MESSAGE IP Protection started successfully

2013/01/21 05:56:05 +0100 KATHRIN-PC (null) MESSAGE Starting protection
2013/01/21 05:56:05 +0100 KATHRIN-PC (null) MESSAGE Protection started successfully
2013/01/21 05:56:05 +0100 KATHRIN-PC (null) MESSAGE Starting IP protection
2013/01/21 05:56:08 +0100 KATHRIN-PC Kathrin MESSAGE IP Protection started successfully
2013/01/21 19:21:44 +0100 KATHRIN-PC (null) MESSAGE Starting protection
2013/01/21 19:21:44 +0100 KATHRIN-PC (null) MESSAGE Protection started successfully
2013/01/21 19:21:44 +0100 KATHRIN-PC (null) MESSAGE Starting IP protection
2013/01/21 19:21:49 +0100 KATHRIN-PC (null) MESSAGE IP Protection started successfully
2013/01/21 19:28:24 +0100 KATHRIN-PC (null) MESSAGE Executing scheduled update: Daily
2013/01/21 19:28:26 +0100 KATHRIN-PC (null) ERROR Scheduled update failed: Host not found failed with error code 0

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.01.2013 22:47:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kathrin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,46% Memory free
6,23 Gb Paging File | 5,18 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 149,47 Gb Free Space | 55,61% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 9,49 Gb Free Space | 32,42% Space Free | Partition Type: FAT32
 
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.21 22:42:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.14 14:22:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 22:37:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 22:37:33 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 22:37:33 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 22:37:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 22:37:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbccoms.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.20 10:34:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 06:10:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.14 22:37:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 22:37:33 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 22:37:33 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 22:37:33 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbccoms.exe -- (lxbc_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 22:37:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 22:37:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_ss&mntrId=ca977a3d0000000000000016d38b9fd2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115935&tt=5212_2&babsrc=SP_ss&mntrId=ca977a3d0000000000000016d38b9fd2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE472
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/deu/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 10:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 10:34:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.01 22:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Extensions
[2013.01.20 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\tg1lbb8p.default\extensions
[2012.12.31 00:07:16 | 000,002,432 | ---- | M] () -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\tg1lbb8p.default\searchplugins\babylon1.xml
[2012.12.31 00:07:16 | 000,002,432 | ---- | M] () -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\tg1lbb8p.default\searchplugins\BrowserProtect.xml
[2012.12.08 19:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.08 19:31:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.08 19:31:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.20 10:34:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.07 22:21:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.31 00:07:03 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.09 16:55:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.07 22:21:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 22:21:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 22:21:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 22:21:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_ss&mntrId=ca977a3d0000000000000016d38b9fd2
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_ss&mntrId=ca977a3d0000000000000016d38b9fd2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kathrin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kathrin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kathrin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: BrowserProtect = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: Google Mail = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D9F2AC-EEE4-4648-B770-437062DBE0A0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261040~1.25\{c16c1~1\browse~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kathrin\Pictures\2012\2012_12_Sachsenflur\2012_12_06\IMG_8288.JPG
O24 - Desktop BackupWallPaper: C:\Users\Kathrin\Pictures\2012\2012_12_Sachsenflur\2012_12_06\IMG_8288.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 22:42:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
[2013.01.20 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Malwarebytes
[2013.01.20 22:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.20 22:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.20 22:45:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.20 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.20 22:15:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.31 00:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2012.12.31 00:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.31 00:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.31 00:06:49 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Babylon
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 22:44:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.21 22:42:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
[2013.01.21 22:40:38 | 000,000,000 | ---- | M] () -- C:\Users\Kathrin\defogger_reenable
[2013.01.21 22:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 21:21:34 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 21:21:34 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 19:44:55 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.21 19:44:46 | 000,000,680 | ---- | M] () -- C:\Users\Kathrin\AppData\Local\d3d9caps.dat
[2013.01.21 19:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.21 19:21:27 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.20 22:45:25 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 11:15:46 | 000,298,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.12 10:47:10 | 000,627,994 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.12 10:47:10 | 000,595,584 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.12 10:47:10 | 000,125,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.12 10:47:10 | 000,103,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.01.21 22:40:38 | 000,000,000 | ---- | C] () -- C:\Users\Kathrin\defogger_reenable
[2013.01.20 22:45:25 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.04 21:03:21 | 000,000,057 | ---- | C] () -- C:\Windows\ARTup.ini
[2012.03.19 18:55:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.03.18 18:33:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.18 18:33:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.17 22:21:35 | 000,170,654 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.03.17 22:21:35 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012.03.03 07:11:20 | 000,005,632 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.02 23:12:58 | 000,004,854 | ---- | C] () -- C:\Users\Kathrin\AppData\Roaming\wklnhst.dat
[2012.02.26 20:19:33 | 000,000,142 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.02.26 20:17:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2012.02.26 20:17:42 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2012.02.26 20:17:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2012.02.26 20:17:42 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2012.02.26 20:17:42 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2012.02.26 20:17:42 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2012.02.26 20:17:41 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2012.02.26 20:17:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2012.02.26 20:17:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2012.02.26 20:17:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2012.02.26 20:17:41 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2012.02.26 20:17:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2012.02.26 20:17:40 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2012.02.26 20:17:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2012.02.26 20:17:40 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2012.02.26 20:17:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2012.02.26 20:17:39 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2012.02.26 19:15:13 | 000,000,552 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\d3d8caps.dat
[2012.02.20 10:39:12 | 000,000,680 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.09 20:57:07 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Amazon
[2012.07.18 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Audacity
[2012.12.31 00:06:49 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Babylon
[2012.03.02 23:07:34 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Canon
[2012.03.11 19:44:18 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\eType
[2012.03.10 00:07:34 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\FreeCommander
[2012.03.02 06:40:48 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\OpenOffice.org
[2012.03.03 07:15:24 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Template
[2013.01.03 11:06:41 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.01.20 20:48:58 | 000,000,000 | ---D | M](C:\ProgramData\?s?s????????????????????p?) -- C:\ProgramData\脈ś踠ś楬整灡獰洮慣敦⹥潣⽭灡獰洯獳㌯〮栯汥⹰獡p灳
[2013.01.20 20:48:58 | 000,000,000 | ---D | M](C:\ProgramData\?s?s????????????????????p?) -- C:\ProgramData\脈ś踠ś楬整灡獰洮慣敦⹥潣⽭灡獰洯獳㌯〮栯汥⹰獡p灳
[2013.01.20 20:48:58 | 000,000,000 | ---D | C](C:\ProgramData\?s?s????????????????????p?) -- C:\ProgramData\脈ś踠ś楬整灡獰洮慣敦⹥潣⽭灡獰洯獳㌯〮栯汥⹰獡p灳
[2013.01.20 12:34:35 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Ȃ㱰Ȃ
[2013.01.20 12:34:35 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Ȃ㱰Ȃ
[2013.01.20 12:34:35 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐Ȃ㱰Ȃ
[2013.01.20 10:16:21 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐‘㱰‘
[2013.01.20 10:16:21 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐‘㱰‘
[2013.01.20 10:16:21 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐‘㱰‘
[2013.01.19 14:59:32 | 000,000,000 | ---D | M](C:\ProgramData\?C?C) -- C:\ProgramData\㽐Ć㱰Ć
[2013.01.19 14:59:32 | 000,000,000 | ---D | M](C:\ProgramData\?C?C) -- C:\ProgramData\㽐Ć㱰Ć
[2013.01.19 14:59:32 | 000,000,000 | ---D | C](C:\ProgramData\?C?C) -- C:\ProgramData\㽐Ć㱰Ć
[2013.01.17 18:32:48 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐ǯ㱰ǯ
[2013.01.17 18:32:48 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐ǯ㱰ǯ
[2013.01.17 18:32:48 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐ǯ㱰ǯ
[2013.01.16 17:47:20 | 000,000,000 | ---D | M](C:\ProgramData\?g?g) -- C:\ProgramData\㽐ǥ㱰ǥ
[2013.01.16 17:47:20 | 000,000,000 | ---D | M](C:\ProgramData\?g?g) -- C:\ProgramData\㽐ǥ㱰ǥ
[2013.01.16 17:47:20 | 000,000,000 | ---D | C](C:\ProgramData\?g?g) -- C:\ProgramData\㽐ǥ㱰ǥ
[2013.01.12 19:38:27 | 000,000,000 | ---D | M](C:\ProgramData\?²?²) -- C:\ProgramData\㽐²㱰²
[2013.01.12 19:38:27 | 000,000,000 | ---D | M](C:\ProgramData\?²?²) -- C:\ProgramData\㽐²㱰²
[2013.01.12 19:38:27 | 000,000,000 | ---D | C](C:\ProgramData\?²?²) -- C:\ProgramData\㽐²㱰²
[2013.01.12 11:17:54 | 000,000,000 | ---D | M](C:\ProgramData\?¡?¡) -- C:\ProgramData\㽐¡㱰¡
[2013.01.12 11:17:54 | 000,000,000 | ---D | M](C:\ProgramData\?¡?¡) -- C:\ProgramData\㽐¡㱰¡
[2013.01.12 11:17:54 | 000,000,000 | ---D | C](C:\ProgramData\?¡?¡) -- C:\ProgramData\㽐¡㱰¡
[2013.01.12 10:35:53 | 000,000,000 | ---D | M](C:\ProgramData\?A?A) -- C:\ProgramData\㽐Ǟ㱰Ǟ
[2013.01.12 10:35:53 | 000,000,000 | ---D | M](C:\ProgramData\?A?A) -- C:\ProgramData\㽐Ǟ㱰Ǟ
[2013.01.12 10:35:53 | 000,000,000 | ---D | C](C:\ProgramData\?A?A) -- C:\ProgramData\㽐Ǟ㱰Ǟ
[2013.01.10 21:56:58 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Ƭ㱰Ƭ
[2013.01.10 21:56:58 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Ƭ㱰Ƭ
[2013.01.10 21:56:58 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐Ƭ㱰Ƭ
[2013.01.10 06:06:18 | 000,000,000 | ---D | M](C:\ProgramData\?C?C) -- C:\ProgramData\㽐Ċ㱰Ċ
[2013.01.10 06:06:18 | 000,000,000 | ---D | M](C:\ProgramData\?C?C) -- C:\ProgramData\㽐Ċ㱰Ċ
[2013.01.10 06:06:18 | 000,000,000 | ---D | C](C:\ProgramData\?C?C) -- C:\ProgramData\㽐Ċ㱰Ċ
[2013.01.09 16:46:17 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐ǁ㱰ǁ
[2013.01.09 16:46:17 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐ǁ㱰ǁ
[2013.01.09 16:46:17 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐ǁ㱰ǁ
[2013.01.06 10:12:58 | 000,000,000 | ---D | M](C:\ProgramData\?G?G) -- C:\ProgramData\㽐G㱰G
[2013.01.06 10:12:58 | 000,000,000 | ---D | M](C:\ProgramData\?G?G) -- C:\ProgramData\㽐G㱰G
[2013.01.06 10:12:58 | 000,000,000 | ---D | C](C:\ProgramData\?G?G) -- C:\ProgramData\㽐G㱰G
[2013.01.05 21:06:57 | 000,000,000 | ---D | M](C:\ProgramData\?Â?Â) -- C:\ProgramData\㽐Â㱰Â
[2013.01.05 21:06:57 | 000,000,000 | ---D | M](C:\ProgramData\?Â?Â) -- C:\ProgramData\㽐Â㱰Â
[2013.01.05 21:06:57 | 000,000,000 | ---D | C](C:\ProgramData\?Â?Â) -- C:\ProgramData\㽐Â㱰Â
[2013.01.05 13:35:26 | 000,000,000 | ---D | M](C:\ProgramData\?ß?ß) -- C:\ProgramData\㽐ß㱰ß
[2013.01.05 13:35:26 | 000,000,000 | ---D | M](C:\ProgramData\?ß?ß) -- C:\ProgramData\㽐ß㱰ß
[2013.01.05 13:35:26 | 000,000,000 | ---D | C](C:\ProgramData\?ß?ß) -- C:\ProgramData\㽐ß㱰ß
[2013.01.03 17:45:18 | 000,000,000 | ---D | M](C:\ProgramData\?I?I) -- C:\ProgramData\㽐Ǐ㱰Ǐ
[2013.01.03 17:45:18 | 000,000,000 | ---D | M](C:\ProgramData\?I?I) -- C:\ProgramData\㽐Ǐ㱰Ǐ
[2013.01.03 17:45:18 | 000,000,000 | ---D | C](C:\ProgramData\?I?I) -- C:\ProgramData\㽐Ǐ㱰Ǐ
[2013.01.03 07:36:53 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐ſ㱰ſ
[2013.01.03 07:36:53 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐ſ㱰ſ
[2013.01.03 07:36:53 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐ſ㱰ſ
[2013.01.02 11:19:53 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\Ꮘʎ縐ʧ
[2013.01.02 11:19:53 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\Ꮘʎ縐ʧ
[2013.01.02 11:19:53 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\Ꮘʎ縐ʧ
[2013.01.01 22:36:10 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Š㱰Š
[2013.01.01 22:36:10 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Š㱰Š
[2013.01.01 22:36:10 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐Š㱰Š
[2013.01.01 15:27:01 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Ǵ㱰Ǵ
[2013.01.01 15:27:01 | 000,000,000 | ---D | M](C:\ProgramData\????) -- C:\ProgramData\㽐Ǵ㱰Ǵ
[2013.01.01 15:27:01 | 000,000,000 | ---D | C](C:\ProgramData\????) -- C:\ProgramData\㽐Ǵ㱰Ǵ
[2012.12.31 16:57:00 | 000,000,000 | ---D | M](C:\ProgramData\?O?O) -- C:\ProgramData\㽐Ǫ㱰Ǫ
[2012.12.31 16:57:00 | 000,000,000 | ---D | M](C:\ProgramData\?O?O) -- C:\ProgramData\㽐Ǫ㱰Ǫ
[2012.12.31 16:57:00 | 000,000,000 | ---D | C](C:\ProgramData\?O?O) -- C:\ProgramData\㽐Ǫ㱰Ǫ

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 21.01.2013 22:47:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kathrin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,46% Memory free
6,23 Gb Paging File | 5,18 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 149,47 Gb Free Space | 55,61% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 9,49 Gb Free Space | 32,42% Space Free | Partition Type: FAT32
 
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17776693-C9D1-4ECE-8635-B241DF8D4F22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5C26153A-575E-4A16-AACC-6B8548490FD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77F4A0E9-E3F3-4F47-889F-2BA7E32D405A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85619743-ADEC-47D1-BC36-61B46CB852FB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8E5D6D85-9A3C-4A45-BED8-F96F8C853F46}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9279C376-F582-4119-804C-40318914C9E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A6720EE3-F6B2-442E-9982-49569404305E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B73DF83C-ED23-4589-8E5B-4DC441853B5D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BE689D0B-EC8C-4E47-85FE-615B04F01290}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BFCB4B43-CE45-42F0-8C55-F58C3AC57CE3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C1004B16-0E6F-4106-A38D-513C09D3CA95}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C51505B1-74D9-42DB-AB22-F99249E1F883}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C97A52C6-3825-40CE-B2E8-B058A4D3DF52}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D14DBB2C-C9FD-4294-BAFF-29758423DAB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D6002B5C-3421-4077-A5D0-6E6F6BDC77E0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D6251A0D-9F7F-48F4-8396-0669B8B5F71B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E60755B6-CB57-4914-B14C-C9EDE8572AA2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E749C033-3572-4860-83D8-445CC38E2D35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA3CD4A-1CB3-4FD4-87A9-A6F4046FA518}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0ED9232C-63C0-40D4-9045-192F3F177883}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B46213D-8305-4CC8-AFA7-976DF8195B99}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe | 
"{1D4D8963-3D19-4271-86EA-02FD1EDA2F30}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | 
"{42459598-475D-44F0-A357-41F1C09B2D7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{4C7D3525-AACA-48BF-B8DE-01E8A7B8035D}" = dir=out | app=c:\users\kathrin\downloads\etype_setup.exe | 
"{510B6182-00D8-4D26-BDA0-0B6944798F79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{621A7B4A-6CC7-487D-A907-31AC0F59E03B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70487D36-5AA1-4840-A9ED-3AAE70A73BBF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{7CADC19D-40DD-43C9-8B21-1D07020918F4}" = dir=in | app=c:\users\kathrin\appdata\local\temp\etype setup403402.exe | 
"{96FDA2F8-6D23-4F38-9161-4F582BF1AF38}" = dir=out | app=c:\users\kathrin\appdata\local\temp\etype setup403402.exe | 
"{A084D3D3-DB68-44A5-8C84-2C6C45E9EE1F}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe | 
"{D223F3FD-F898-4040-BF31-AC0038D117E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{E3C759C8-CFFA-49DF-9FFB-B08CE5BD697C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E60F0AE5-0138-4E4B-B330-5369C8E16556}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | 
"{FCA2C1CE-5B6D-4B98-B47E-B2CB02BFCA5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FFD3B879-76C7-47A1-836D-425A3C0AAC88}" = dir=in | app=c:\users\kathrin\downloads\etype_setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A8F9255-F4AB-4a37-8F39-7C6E15B5158B}" = 4500G510nz_web
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{843BD817-4551-451C-AB7A-EF113BF9C036}" = 4500_G510nz_Help_Web
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F27CFD16-939A-4232-98CD-180898D14713}" = HP Officejet 4500 G510n-z
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"FreeCommander_is1" = FreeCommander 2009.02b
"iMove ActiveX Control" = iMove ActiveX Control
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Updater Service" = Updater Service
"VideoConverter" = VideoConverter
"VLC media player" = VLC media player 2.0.0
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"XnView_is1" = XnView 1.99
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.11.2012 16:02:53 | Computer Name = Kathrin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 01.12.2012 15:42:50 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 09.12.2012 04:35:51 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 16.12.2012 11:25:09 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 30.12.2012 17:42:48 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 02.01.2013 06:08:26 | Computer Name = Kathrin-PC | Source = Application Hang | ID = 1002
Description = Programm logon.scr, Version 6.0.6001.18000 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 156c  Anfangszeit: 01cde8c977436307  Zeitpunkt
 der Beendigung: 17597
 
Error - 09.01.2013 11:43:29 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 10.01.2013 01:31:09 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 17.0.1.4715, Zeitstempel
 0x50b71a4b, fehlerhaftes Modul MSVCR100.dll, Version 10.0.30319.1, Zeitstempel 
0x4ba1dbbe, Ausnahmecode 0x40000015, Fehleroffset 0x0008d635,  Prozess-ID 0x768, Anwendungsstartzeit
 01cdeef33a735006.
 
Error - 16.01.2013 12:47:19 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 20.01.2013 15:54:13 | Computer Name = Kathrin-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 17.01.2013 13:36:18 | Computer Name = Kathrin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 19.01.2013 10:00:27 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 05:13:42 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 07:35:40 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 12:21:06 | Computer Name = Kathrin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.01.2013 14:33:11 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 16:08:17 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 17:55:56 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.01.2013 00:57:29 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.01.2013 14:23:11 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

Schritt 3 GMER scan hat nix ergeben, save kann nichts abspeichern - hab ich was falsch gemacht? Es gab keine Warnung, Haken bei IAT/EAT hab ich weggemacht, nur C:\ angehakt, show all ließ sich nicht anhaken.

Danke für weitere Tipps
Gute Nacht

Auf Vista pup.installbrain und pup.dealio.TB gefunden!

Plagegeister aller Art und deren Bekämpfung: Auf Vista pup.installbrain und pup.dealio.TB gefunden!

Auf Vista pup.installbrain und pup.dealio.TB gefunden!

Ähnliche Themen: Auf Vista pup.installbrain und pup.dealio.TB gefunden!