Katrin Grabe 26.12.2012 21:53

My next suggestion would be to completely uninstall Firefox again and to use the current release rather than a beta. I installed the beta because the Update Checker had recommended it to me :/

ryder 26.12.2012 21:54

No, that has nothing to do with it.

Katrin Grabe 26.12.2012 22:31

OK, here is the OTL.TXT:
(Note: by the way, I did not install this weird Amazon for Desktop thing or whatever it is)


OTL logfile created on: 26.12.2012 21:56:20 - Run 1
OTL by OldTimer - Version    Folder = C:\Users\Windows 7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 76,56% Memory free
9,74 Gb Paging File | 8,96 Gb Available in Paging File | 91,98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 190,88 Gb Free Space | 82,00% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 52,45 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive F: | 13,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Windows 7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Stickies\shook70.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys File not found
DRV - (DigiNet) -- system32\DRIVERS\diginet.sys File not found
DRV - (catchme) -- C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys File not found
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://{searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 74 2A D2 9B 85 CC 01  [binary data]
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\..\SearchScopes\{F3D27D94-9B5A-464E-98D7-BF88A0D63F86}: "URL" = hxxp://{searchTerms}
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1007\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - false
FF - true
FF - prefs.js..browser.startup.homepage: "hxxp://"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7BC0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9%7D:0.7.2
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_108.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\ Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.26 14:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 22:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.15 17:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.24 22:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.11.22 22:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Extensions
[2012.12.26 13:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Firefox\Profiles\uwyw5m4j.default\extensions
[2012.09.27 17:18:27 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Firefox\Profiles\uwyw5m4j.default\extensions\
[2012.12.26 00:50:47 | 000,368,105 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\
[2012.12.24 22:42:41 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\
[2012.08.29 20:16:47 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.10.03 20:20:46 | 000,202,016 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
[2012.12.26 01:04:00 | 000,005,998 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\discogs.xml
[2012.12.26 00:56:05 | 000,002,359 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\ebay-com.xml
[2012.12.26 01:07:52 | 000,004,915 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\flickr-commercial-licence.xml
[2012.12.26 00:57:05 | 000,007,814 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\google-bg.xml
[2012.12.26 00:59:10 | 000,002,315 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\google-default.xml
[2012.12.26 01:10:03 | 000,001,831 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\leo-deu-eng.xml
[2012.12.26 00:10:29 | 000,001,026 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\soundcloud.xml
[2012.12.26 00:10:29 | 000,001,094 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\urban-dictionary.xml
[2012.12.26 01:01:48 | 000,001,030 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\wikipedia-de.xml
[2012.12.26 00:10:29 | 000,002,168 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\youtube-videosuche.xml
[2012.12.26 13:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.24 22:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.12.19 21:12:50 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.26 00:10:29 | 000,001,853 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome  ==========
CHR - homepage: hxxp://
CHR - homepage: hxxp://
CHR - Extension: YouTube = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Erster Nutzer = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Erster Nutzer = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012.12.26 14:45:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-2494939295-118947492-3605075000-1001..\Run: [] C:\Program Files\\UpdateChecker.exe (
O4 - HKU\S-1-5-21-2494939295-118947492-3605075000-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2494939295-118947492-3605075000-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F55F180-1D97-457A-8BA5-B2CF2F1C38C2}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {133B6B28-981D-25E5-598E-1D66090A5BA5} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EEE08017-8036-2658-0CE9-8B71872528E7} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe - (WIBU-SYSTEMS AG)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Windows 7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ 3.4.1.lnk - C:\Programme\ 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Users^Windows 7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ 3.4.lnk - C:\Programme\ 3\program\quickstart.exe - ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
Drivers32: wave1 - Digi32.dll File not found
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.12.26 21:53:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.exe
[2012.12.26 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.26 15:00:09 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.12.26 15:00:09 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.12.26 15:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.26 15:00:05 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.12.26 15:00:02 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.12.26 15:00:01 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.12.26 14:59:59 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.12.26 14:59:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.26 14:59:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.12.26 14:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.26 14:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.26 14:46:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.26 14:46:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.26 14:37:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.26 14:37:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.26 14:37:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.26 14:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.26 14:37:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.26 00:10:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2012.12.25 23:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.12.25 23:40:55 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.12.25 23:06:46 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Opera
[2012.12.25 23:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MicrosoftC:\Windows\System32\dhRichClient3.dll
[2012.12.25 23:05:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.12.25 23:05:03 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
[2012.12.25 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\OCS
[2012.12.25 22:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2012.12.25 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
[2012.12.25 21:50:44 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
[2012.12.24 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Foxit Reader
[2012.12.24 22:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.12.24 22:37:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.12.24 22:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.24 22:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.12.23 13:31:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.12.23 13:27:30 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ 3.4.1
[2012.12.16 11:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012.12.16 11:38:06 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\System32\CamCodec.dll
[2012.12.16 11:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.6b
[2012.12.13 14:58:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.13 14:58:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.13 14:58:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.13 14:58:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.13 14:58:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.13 14:58:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.13 14:58:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.13 14:58:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.13 12:17:02 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.13 12:16:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.13 12:16:54 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.13 12:16:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 12:16:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 12:16:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 12:16:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 12:16:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 12:16:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 12:16:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 12:16:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 12:16:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 12:16:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 12:16:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.13 12:16:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
========== Files - Modified Within 30 Days ==========
[2012.12.26 21:53:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.exe
[2012.12.26 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.26 21:19:42 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 21:19:42 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 21:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.26 21:12:21 | 2615,861,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 14:59:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.26 14:45:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.26 13:39:32 | 297,037,157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.26 00:41:45 | 000,004,489 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2012.12.25 23:12:04 | 000,000,224 | ---- | M] () -- C:\Windows\System32\9B13A86D.plf
[2012.12.24 22:44:37 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.12.24 22:42:30 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.24 09:11:06 | 002,334,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.23 13:27:30 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\ 3.4.1.lnk
[2012.12.23 12:19:57 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.22 23:44:59 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 23:44:59 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 23:44:59 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 23:44:59 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========
[2012.12.26 14:37:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.26 14:37:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.26 14:37:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.26 14:37:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.26 14:37:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.26 13:39:32 | 297,037,157 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.25 23:24:12 | 000,004,489 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2012.12.25 23:05:14 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.12.25 22:24:47 | 000,000,224 | ---- | C] () -- C:\Windows\System32\9B13A86D.plf
[2012.12.23 13:27:30 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\ 3.4.1.lnk
[2012.11.04 14:35:45 | 000,001,456 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.09.27 18:48:55 | 000,017,408 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\WebpageIcons.db
[2012.05.06 09:33:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.03.13 13:22:23 | 000,007,608 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\Resmon.ResmonCfg
[2012.02.06 15:12:07 | 000,005,632 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 21:37:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.01.25 21:37:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.25 21:37:12 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.01.25 21:31:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.01.15 22:27:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.15 22:19:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.12.03 14:52:49 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.10.09 18:46:34 | 002,334,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.10.18 06:29:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\CheckPoint
[2012.01.21 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Bigasoft Audio Converter
[2012.12.24 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\CheckPoint
[2011.12.18 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner
[2011.12.18 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner Pro
[2012.12.25 23:05:09 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
[2012.06.07 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\FileZilla
[2012.12.24 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Reader
[2012.06.12 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Mp3tag
[2012.12.25 23:04:58 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OCS
[2012.12.25 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
[2012.12.25 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
[2011.10.07 14:40:38 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\
[2012.12.25 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Opera
[2011.12.20 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\ProtectDisc
[2012.01.26 10:32:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Publish Providers
[2012.02.26 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\stickies
[2011.11.22 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Thunderbird
[2012.05.24 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Windows
========== Purity Check ==========
========== Custom Scans ==========
[2012.12.26 14:46:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.14 20:27:22 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.03.13 13:26:26 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.26 21:10:28 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.26 21:12:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.26 14:46:30 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.10.07 14:31:51 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.12.26 21:57:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.26 13:29:52 | 000,000,000 | ---D | M] -- C:\Temp
[2012.12.26 14:38:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 14:59:48 | 000,000,000 | ---D | M] -- C:\Windows
[2012.12.26 13:51:36 | 000,021,449 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012.12.26 14:46:28 | 000,012,832 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.12.26 21:12:21 | 2615,861,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 21:12:32 | 3487,817,728 | -HS- | M] () -- C:\pagefile.sys
[2012.12.25 19:46:06 | 000,212,523 | ---- | M] () -- C:\Rapvideos Semesterarbeit.odt
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
Invalid Environment Variable: PROGRAMFILES(X86)
< %appdata%\*.  >
[2012.05.20 00:22:12 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Adobe
[2012.02.21 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Apple Computer
[2012.01.21 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Bigasoft Audio Converter
[2012.12.24 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\CheckPoint
[2011.12.18 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner
[2011.12.18 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner Pro
[2012.12.25 23:05:09 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
[2012.06.07 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\FileZilla
[2012.12.24 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Reader
[2012.06.12 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Software
[2011.10.07 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Identities
[2011.12.03 01:12:26 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Media Center Programs
[2012.12.21 00:42:56 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Media Player Classic
[2012.02.14 20:44:08 | 000,000,000 | --SD | M] -- C:\Users\Windows 7\AppData\Roaming\Microsoft
[2011.11.22 22:12:14 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Mozilla
[2012.07.16 22:52:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Mp3tag
[2011.11.29 00:34:08 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\NVIDIA
[2012.12.25 23:04:58 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OCS
[2012.12.25 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
[2012.12.25 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
[2011.10.07 14:40:38 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\
[2012.12.25 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Opera
[2011.12.20 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\ProtectDisc
[2012.01.26 10:32:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Publish Providers
[2011.11.30 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Realtime Soft
[2012.02.26 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\stickies
[2011.11.22 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Thunderbird
[2012.12.16 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\vlc
[2012.05.24 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Winamp
[2011.12.02 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\WinRAR
< %appdata%\*.*  >
< %localappdata%\*.  >
[2012.04.04 11:26:19 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Adobe
[2011.10.07 14:32:01 | 000,000,000 | -HSD | M] -- C:\Users\Windows 7\AppData\Local\Anwendungsdaten
[2012.02.21 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Apple
[2012.04.24 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Apple Computer
[2012.12.25 22:35:19 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Apps
[2012.02.16 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\DFX
[2012.12.24 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Diagnostics
[2011.12.07 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Downloaded Installations
[2012.12.24 22:36:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\ElevatedDiagnostics
[2012.10.01 09:16:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Facebook
[2012.06.12 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Google
[2012.06.09 08:23:09 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Macromedia
[2012.01.28 01:05:39 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Microsoft
[2011.11.22 22:12:14 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Mozilla
[2012.11.09 14:55:41 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Programs
[2011.12.03 01:03:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Temp
[2011.10.07 14:32:01 | 000,000,000 | -HSD | M] -- C:\Users\Windows 7\AppData\Local\Temporary Internet Files
[2012.06.09 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Thinstall
[2012.12.24 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Thunderbird
[2012.11.09 15:45:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Unity
[2011.10.07 14:32:01 | 000,000,000 | -HSD | M] -- C:\Users\Windows 7\AppData\Local\Verlauf
[2012.06.15 00:05:05 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\VirtualStore
[2012.09.27 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Zattoo
< %localappdata%\*.* >
[2012.11.04 14:35:45 | 000,001,456 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.06.14 23:17:52 | 000,005,632 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.23 23:52:27 | 000,116,488 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.12.26 21:11:37 | 008,448,508 | -H-- | M] () -- C:\Users\Windows 7\AppData\Local\IconCache.db
[2012.03.13 13:22:23 | 000,007,608 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\Resmon.ResmonCfg
[2012.09.27 18:49:49 | 000,017,408 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\WebpageIcons.db
< %allusersprofile%\*.  >
[2012.09.27 18:48:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.02.21 12:27:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.02.21 12:23:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.12.26 14:59:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012.12.25 22:21:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cached Installations
[2012.03.14 15:23:01 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.02.21 11:32:05 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2011.12.18 12:52:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.05.06 09:34:25 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.04.25 13:32:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.12.26 21:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2011.10.07 15:07:24 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.10.07 14:39:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012.12.24 22:32:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.01.25 21:29:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Win7codecs
< %allusersprofile%\*.* >
[2012.01.15 22:27:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
========== Alternate Data Streams ==========
@Alternate Data Stream - 1288 bytes -> C:\ProgramData\Microsoft:FDUDNXZGOnVo2KkJszdkQL

< End of report >

And the Extras.txt:


OTL Extras logfile created on: 26.12.2012 21:56:20 - Run 1
OTL by OldTimer - Version    Folder = C:\Users\Windows 7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 76,56% Memory free
9,74 Gb Paging File | 8,96 Gb Available in Paging File | 91,98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 190,88 Gb Free Space | 82,00% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 52,45 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive F: | 13,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
========== Vista Active Open Ports Exception List ==========
"{008CB89E-5CF5-4850-A985-F7E3D0005796}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{09123A01-6FD6-45B9-A475-8D76CDEEF17A}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F8DCDB1-3FC7-4238-96D0-5A0EC0070F91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16FF2226-CA5C-45F9-A0A2-D98441501B06}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E0220F3-7502-4AE6-9300-A96403C4AF4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3CE69D1B-0F94-422B-A3AB-412A2174937B}" = rport=139 | protocol=6 | dir=out | app=system |
"{47BCF276-AC3C-4CF9-B010-9F5B548E2FC8}" = lport=139 | protocol=6 | dir=in | app=system |
"{5294FE72-C824-4F63-A390-78487B148357}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56A2B222-457F-4943-B8D4-EBF3AD71E43B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{652A44C5-B0CC-4D82-9E00-5CC3D8361597}" = lport=445 | protocol=6 | dir=in | app=system |
"{85086E54-F96D-4155-948B-78B8D79FAC57}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A026B16-E4A1-444D-B2CC-1505B862EC53}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC0D9412-59E0-4B71-80D6-930E560E3DF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD01C810-0D83-4468-BFB5-6127158C4676}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
"{26CC261A-131C-4CFE-B5A4-D2CDA1847F03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{59D1045C-2E10-40A0-AC0E-B4030A4CE86E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5DB42C2A-0209-4B30-BA43-ECB8B7CDE6AC}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{82AF60C2-3919-48D5-9143-2389BB4E7CC9}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{897BE1A4-150D-4074-B66E-6FD39282EFE8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{960F8E06-D23C-4165-B1A4-01B20D6B074F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8382DD7-B435-4B72-86D8-E11CA2632463}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{F925A354-D7CA-4565-965F-9C2DAA5A8FFE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{2D2461BD-E260-41B6-AF9A-FFAACD7E6698}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{52F24447-4DD4-4081-9407-89529686599A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3498525E-AC75-48E7-8DB8-9A707DDDCF13}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7ED5CCCF-021A-4903-B517-F61145779910}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0E49A356-E4F2-4A3F-8243-2FF7A2588066}" = Authorizer Ignition Key Support
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists
"{C0E3B891-B7C3-11E0-A2BD-001320F83A25}" = MSVCRT Redists
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"ESET Online Scanner" = ESET Online Scanner v3
"" = Update Checker
"Foxit Reader_is1" = Foxit Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"Mozilla Thunderbird 18.0 (x86 en-US)" = Mozilla Thunderbird 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 2.0.2
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"ZhornStickies" = Stickies 7.1b
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== HKEY_USERS Uninstall List ==========
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.11.2012 17:54:00 | Computer Name = Windows7-PC | Source = Windows Search Service | ID = 1019
Description =
Error - 03.12.2012 04:55:55 | Computer Name = Windows7-PC | Source = Windows Backup | ID = 4103
Description =
Error - 05.12.2012 17:54:01 | Computer Name = Windows7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000017  Fehleroffset: 0x0007dcc9  ID des fehlerhaften
 Prozesses: 0x424  Startzeit der fehlerhaften Anwendung: 0x01cdd3173d6e5f01  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 47169e8c-3f26-11e2-98d6-001e90b7e486
Error - 06.12.2012 21:32:30 | Computer Name = Windows7-PC | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1db0    Startzeit:
 01cdd41a73e5f039    Endzeit: 20    Anwendungspfad: C:\Program Files\Winamp\winamp.exe    Berichts-ID:
Error - 06.12.2012 22:10:47 | Computer Name = Windows7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_5_502_131.exe,
 Version: 11.5.502.131, Zeitstempel: 0x50b2d900  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0001f9ea  ID des fehlerhaften Prozesses: 0x88c  Startzeit der fehlerhaften Anwendung:
 0x01cdd3e9320bd564  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_131.exe
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 503a41e9-4013-11e2-a736-001e90b7e486
Error - 09.12.2012 14:00:01 | Computer Name = Windows7-PC | Source = Windows Backup | ID = 4103
Description =
Error - 09.12.2012 15:34:09 | Computer Name = Windows7-PC | Source = Windows Search Service | ID = 1019
Description =
Error - 13.12.2012 19:13:25 | Computer Name = Windows7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: audioeng.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bd97c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047e13  ID des fehlerhaften
 Prozesses: 0x430  Startzeit der fehlerhaften Anwendung: 0x01cdd964a850ebb6  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\audioeng.dll  Berichtskennung: b18f9bbd-457a-11e2-b5b9-001e90b7e486
[ System Events ]

Error - 26.12.2012 09:38:16 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
Error - 26.12.2012 09:39:24 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 26.12.2012 09:42:47 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 26.12.2012 09:45:15 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 26.12.2012 16:10:17 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 26.12.2012 16:10:19 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
< End of report >

ryder 26.12.2012 22:34

Then you can go ahead and remove that while I look through this.

Katrin Grabe 26.12.2012 22:42

Interesting. I tried to delete the file several times and then came across the following: . There was no icon or anything like that on the desktop. I followed the trail further and found the following directory (no, I don't use Zattoo and don't know what the rest is supposed to be):

My first impulse now would be to delete the whole mess :D :D

ryder 26.12.2012 22:49

Well, unfortunately you first have to pin the mess down properly ...

Did you install Foxit Reader a few days ago?

ryder 26.12.2012 22:50


Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    C:\Users\Windows 7\AppData\Roaming\Opera
    C:\Program Files\InstallShield Installation Information
    C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
    C:\Users\Windows 7\AppData\Roaming\OCS
    C:\ProgramData\Cached Installations
    C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
    C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
    C:\Users\Windows 7\AppData\Roaming\Foxit Reader

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Katrin Grabe 26.12.2012 22:51

I updated Foxit about 2 days ago. Should I delete these files now or not?

Here is the log file:


SystemLook 30.07.11 by jpshortstuff
Log created at 22:51 on 26/12/2012 by Windows 7
Administrator - Elevation successful

No Context: Code:

========== dir ==========

C:\Users\Windows 7\AppData\Roaming\Opera - Parameters: "(none)"

None found.

Opera        d------        [22:06 25/12/2012]

C:\ProgramData\MicrosoftC:\Windows\System32\dhRichClient3.dll - Unable to find folder.

C:\Program Files\InstallShield Installation Information - Parameters: "(none)"

None found.

None found.

C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon - Parameters: "(none)"

ama.ico        --a---- 360518 bytes        [22:05 25/12/2012]        [22:05 25/12/2012]
IconForAmazon.exe        --a---- 753664 bytes        [22:05 25/12/2012]        [22:05 25/12/2012]

None found.

C:\Users\Windows 7\AppData\Roaming\OCS - Parameters: "(none)"

None found.

SM        d------        [22:04 25/12/2012]

C:\ProgramData\Cached Installations - Parameters: "(none)"

None found.

{E472E726-B8D2-4B6D-9A37-0AE08EA2B042}        d------        [21:21 25/12/2012]

C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641 - Parameters: "(none)"

None found.

psr        d------        [20:50 25/12/2012]
Reports        d------        [20:51 25/12/2012]

C:\Users\Windows 7\AppData\Roaming\OfficeRecovery - Parameters: "(none)"

None found.

psr        d------        [20:50 25/12/2012]

C:\Users\Windows 7\AppData\Roaming\Foxit Reader - Parameters: "(none)"

reader_update_req.xml        --a---- 503 bytes        [21:51 24/12/2012]        [21:51 24/12/2012]

None found.

 - Unable to find folder.

-= EOF =-

ryder 26.12.2012 22:52

Please don't do anything on your own. This is a new infection and I definitely still want to examine the files, so please be patient; you'll be helping a lot of people after you :)

Katrin Grabe 26.12.2012 22:53

Sorry :D



ryder 26.12.2012 23:06

This is a really complicated thing ... I'll look further tomorrow at what we do about it.

Katrin Grabe 26.12.2012 23:07

Do you think I can browse again now, or should I leave it alone completely for the time being? I'm worried about phishing.

ryder 26.12.2012 23:09

At the moment I wouldn't recommend that.

What you can try:

Do the redirects also occur in other browsers? That is, Internet Explorer or, e.g., Opera?
If you boot into safe mode, does it happen then too?

See you tomorrow.

Katrin Grabe 26.12.2012 23:18

Sorry, last question for today: how do I get into safe mode? I pressed F5 during startup on the first attempt and F8 on the second; it didn't do anything.

Good night, my dear :heilig:

Good morning!

Today we'll get it done :)

ryder 27.12.2012 10:25

Did you install an FF plugin called Fast Video Download?

